Did you know that cyberattacks and phishing actually
increased in the midst of the pandemic?
Google recorded a large number of phishing sites during
2020, according to Forbes.
Remote work did not go unnoticed by cybercriminals. They saw
this is an opportunity to access business networks and systems through work
devices and vulnerabilities in remote work connections.
Plus, with practice and intelligence like using social
engineering to trick us, cyberattacks like email phishing are harder to detect
- they do look legitimate.
So, it's time to explore email security issues. 🙂
In favor of hackers, we cannot exclude the human factor.
Many of us will at some point open a phishing email, click a malicious link, or
download what might chance out to be ransomware.
What is DMARC?
DMARC stands for Domain-based Message Authentication,
Reporting and Compliance, and is one of the protocols created to protect
your email domain. Nevertheless, DMARC is not the only protection you can have,
and in order to get it, you must implement at least one more, i.e. SPF or DKIM
(but better yet, both).
SPF
The Sender Policy Framework is the first layer of protection
that verifies that email sent from your domain was sent by you or other parties
who may send messages on your behalf.
SPF has a couple of major drawbacks. For example, if an
email is forwarded, it will no longer pass SPF authentication.
KIM
DomainKeys is another email verification method that uses an
electronic signature to ensure that a message has not been tampered with on its way from sender to recipient.
No one
The policy "none" means that nothing will happen
to the email, regardless of whether the authentication is successful or not.
Basically, it's as if DMARC is not implemented at all.
So why do you need a no policy? First, it is useful in the
early stages of DMARC implementation — it gives you the ability to see your
email traffic. Secondly, it allows you to see how many of your emails (and
which ones) have passed or failed authentication.
Quarantine
The quarantine policy takes it to the next level. At this
point, the unauthenticated message will be marked as spam.
Deny
An "opt-out" policy is your ultimate protection.
With it, emails that are not authenticated will be completely blocked and will
not reach the recipient. But it will take time and effort to move to a policy
of “rejection”.
What Happens During Authentication
Here is a simplified version of DMARC authentication.
The mail server performs SPF and DKIM authentication.
If these checks succeed, the server applies the installed
DMARC policy (no, quarantine or deny).
DMARC sends an action report for every email sent from a
specific domain.
DMARC Report
The DMARC report is a long topic for another article, but
what you need to know (and what Google advises you to do) is to find a suitable
third-party tool to work with DMARC reports.
Why? The fact is that DMARC reports were not originally
intended for human reading and were in XML format.
Another hurdle is the number of reports: DMARC sends the
report to the server. Depending on the volume of your email, you can start
receiving hundreds or thousands of emails.
DMARC analyzer
So what does a third-party DMARC parser do? It collects,
stores and analyzes your DMARC reports, providing you with a well-structured
and an understandable view of all your domain information.
DMARC: security and delivery in 2021
While there is an obvious reason for adopting DMARC to stay
secure, many factors are hesitant to start using it or move from a no to a more
secure reject policy if they have an entry.
newyorkersblog cosmopolitansblog realsimpleblog nextwebblog theinformativeblog
