DMARC has reshaped the email fraud landscape, disrupted longstanding phishing strategies, and forced cybercriminals to abandon preferred targets. Today, DMARC is still the best remedy in the fight against phishing and spoofing. As its implementation continues to spread outward from early adopters, it has the potential to nullify an entire class of email fraud. As proud founding members of DMARC, we will continue to be at the forefront of innovation, helping companies systematically defend themselves, their employees, and their customers.
You might expect that the IT department or security team knows who’s sending email using your company’s domains. But for a variety of reasons these groups are often unaware of many legitimate senders — not to mention all the bad actors. Fortunately you can get a more complete view by using DMARC’s reporting features.
How does it happen? Product teams managing a new product launch or customer survey hire marketing consultants and Email Service Providers (ESP). Affiliate programs or strategic partnerships lead to new domains or sub-domains being created. Employee benefit programs are outsourced, and the vendor wants to use a sending address in your domain. All too often these things are done quietly as part of a small project, without consulting anybody in another department or division.
And then there are all the bad actors using your domains without asking permission…
What is DMARC, and how does it combat phishing?
- DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam and phishing messages, and keep them out of people’s inboxes.
- DMARC is a proposed standard that allows email senders and receivers to cooperate in sharing information about the email they send to each other. This information helps senders improve the mail authentication infrastructure so that all their mail can be authenticated. It also gives the legitimate owner of an Internet domain a way to request that illegitimate messages – spoofed spam, phishing – be put directly in the spam folder or rejected outright.
Why is DMARC needed?
End users and companies all suffer from the high volume of spam and phishing on the Internet. Over the years several methods have been introduced to try and identify when mail from (for example) ENMAIN.COM really is, or really isn’t coming from the ENMAIN. However:
For nearly a decade, DDoS (Distributed Denial of Service) was a basic flood attack that simply tried to overwhelm a connection with traffic with the goal of taking that web property offline. DDoS was a basic attack against availability.
What is it?
As any email hosting customer knows, SPF and DKIM are extremely important for email reputation and preventing email spoofing. We’ve supported both from day one. Since SPF and DKIM are part of the Redmain email deployment process, we have an extremely high adoption rate from customers. The latest standard, DMARC, ties both SPF and DKIM together, allowing you to create domain policies on what email should be accepted (or rejected) based on the SPF or DKIM results. A number of ISPs (Google, Microsoft, Yahoo, etc.) support DMARC and will obey the policies that you set in DNS.
While DMARC is truly a huge step forward, it’s highly complicated and risky to implement. If you set a DMARC policy without knowing all of your email sources (mailboxes, email marketing services, CRM, transactional email, server alerts, etc.) you could potentially cause legitimate emails to be rejected. In addition, each ISP will deliver reports about your domain’s activity and show which domains and IP addresses have sent email on your behalf along with the SPF and DKIM results. The problem is that these reports are sent as XML files, making them incredibly hard to read and understand. That’s where Redmain’s DMARC service comes in.
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.
DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.
Email’s Big Upgrade
DMARC is changing the world of email.
Deliverability is changing for the better. Instead of guessing how to get your email delivered, all major email receivers are asking senders to make email easy to identify.
This process is called email authentication, and DMARC is the right way to do it.
DMARC is the building block for modern email reputation systems. If you’re not sending DMARC-compliant email, your reputation is a mish-mash of IP addresses, your ESP, and factors that may be beyond your control.
Take control of your reputation by deploying DMARC across your email, and be judged on the email you send!
DMARC is used today to remove fraud from the email channel. You can benefit from the same anti-phishing controls enjoyed by PayPal, Facebook, Twitter, and lots of others.
Redmain helps everyone benefit from the strong security provided by DMARC. Once you accurately deploy DMARC, you can tell receivers to quarantine or reject illegitimate email.
Contact us if you’re interested in learning all about DMARC’s continuing impact.