A Practical Guide to Leverage DMARC

This week we launched a new addition to the Total Fraud Protection platform—DMARC Compass™. DMARC Compass is a cloud-based service that was built to fill a giant, gaping hole in most anti-fraud programs and to provide huge and wide-ranging benefits to infosec, marketing, advertising, legal and sales teams. The problem with B2B or B2C email is two-fold—email is critical and nobody trusts it, especially with 100 billion pieces of spam sent on a daily basis.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an emerging Internet Engineering Task Force (IETF) standard already being taken up by providers of more than three billion email boxes to help put some trust back into email.

Easy Solutions is in the anti-fraud business, so we take note and support any legitimate effort to reduce fraud by any means available. In this case, DMARC provides a foundation for offering unprecedented visibility into how good or bad your email flows are, and can tell any email receiver on the planet to trash fake emails immediately upon receipt.

I thought it would be useful to set up a question and answer series related to DMARC, its deployment scenarios, and why nearly every company online with a domain name should begin to assess how they can leverage this powerful technology.

Q: What is DMARC?

A: DMARC is an Internet protocol specification that is working its way through the IETF standardization process.

The current draft standard is accessible here: https://datatracker.ietf.org/doc/draft-kucherawy-dmarc-base/ where it is defined as: "Specifically DMARC is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, and a mail receiving organization can use those policies and preferences to improve mail handling.

Originators of Internet Mail need to be able to associate reliable and authenticated domain identifiers with messages, communicate policies about messages that use those identifiers, and report on mail using those identifiers. These abilities have several benefits: Receivers can provide feedback to domain owners about the use of their domains, which can provide valuable insight about the management of internal operations and the presence of external domain name abuse. DMARC is being aggressively adopted by email senders and receivers alike because it is so promising."

Q: Who can benefit from DMARC?

A: Any company that would like to have a secure, trusted email channel with their customers, vendors, partners or employees. Email security has devolved to such an extent that email by and large is completely untrusted. This leads to ineffective customer communication, missed sales and marketing opportunities and reduced trust in your brand online.

Q: I thought DMARC was free. Explain!

A: Any email sender and any email receiver can use the DMARC rails provided by the global community for FREE. Free use of these rails provides access to the critical, raw reporting data that helps you see who is sending email and who is spoofing. DMARC Compass helps to organize all the data provided by DMARC, assess DMARC readiness amongst authorized 3rd party senders, and programmatically move towards “p=reject”.

Q: Is deploying DMARC hard?

A: This is the best part. DMARC can be deployed in what is called “monitoring” mode. As an email sender in monitoring mode, you advertise to the Internet that you would like all DMARC-compliant email receivers (Google, Yahoo, Hotmail, and thousands more) to start sending you reports on who is sending email purporting to be from your domain. That’s it. No emails are flagged, blocked, rejected or quarantined. In fact, nearly 100% of DMARC deployments on the sender side start this way.

Q: What do “reject” and “quarantine” mean in a DMARC record?

A: Once a company or domain owner has been collecting data in “monitor mode” and the data shows that legitimate traffic is passing authentication checks, they can change their policy to “quarantine mode”. This phase means that messages will start being put aside for review. As domain owners gain confidence that no legitimate communication is being mistakenly quarantined, they can move to a “reject” policy. In “p=reject” mode, spam and phishing messages are erased completely and will never reach their destination.

Q: What do I do with all this reporting data?

A: This is where DMARC Compass comes in.  Compass is a cloud-based service that collects, parses, organizes and visualizes all of this data to paint a complete picture of your global email flows—the good, the bad and the ugly. With Compass, you get everything in one place, and often within minutes of activating DMARC Compass, you will discover email senders that you didn’t know about, misconfigurations which have been present for months and any other unknown IPs spoofing email from your domain. Compass provides the visibility to make sense of this data and set the stage for trusted domain-based email.
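
What these aggregate reports contain, as an added example (not part of the original post and not DMARC Compass code): the sketch below parses one report in the RFC 7489 XML layout and sorts sending IPs into authorized senders that still fail DMARC and unknown sources. The report, the IP addresses and the `KNOWN_SENDERS` inventory are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def _rec(ip, count, dkim, spf):
    # Builds one constructed <record> in the RFC 7489 aggregate-report layout.
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
            f"<spf>{spf}</spf></policy_evaluated></row>"
            "<identifiers><header_from>example.com</header_from></identifiers></record>")

# Constructed sample report (documentation IP ranges), not real traffic.
SAMPLE_REPORT = ("<feedback><report_metadata><org_name>receiver.example</org_name>"
                 "</report_metadata><policy_published><domain>example.com</domain><p>none</p></policy_published>"
                 + _rec("192.0.2.10", 120, "pass", "pass")
                 + _rec("192.0.2.10", 5, "fail", "pass")
                 + _rec("198.51.100.7", 40, "fail", "fail")
                 + _rec("203.0.113.55", 300, "fail", "fail")
                 + "</feedback>")
KNOWN_SENDERS = {"192.0.2.10", "198.51.100.7"}  # assumed inventory of authorized senders

def summarize(report_xml):
    """Return {source_ip: {"pass": n, "fail": n}} of message counts per sending IP."""
    # Reports come from third parties: in production prefer a hardened parser such as defusedxml.
    sources = defaultdict(lambda: {"pass": 0, "fail": 0})
    for row in ET.fromstring(report_xml).iter("row"):
        evaluated = row.find("policy_evaluated")
        # DMARC passes when either the aligned DKIM or the aligned SPF result passes.
        ok = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        sources[row.findtext("source_ip")]["pass" if ok else "fail"] += int(row.findtext("count"))
    return dict(sources)

def triage(sources, known_senders):
    """Group IPs by what must happen before the policy moves past monitoring."""
    result = {"fix_before_enforcing": [], "unknown_failing": [], "unknown_passing": []}
    for ip, counts in sorted(sources.items()):
        if ip in known_senders:
            if counts["fail"]:
                result["fix_before_enforcing"].append(ip)  # legitimate mail that would be lost
        elif counts["fail"]:
            result["unknown_failing"].append(ip)  # spoofing or an unlisted sender
        else:
            result["unknown_passing"].append(ip)  # authenticated sender missing from inventory
    return result

if __name__ == "__main__":
    print(triage(summarize(SAMPLE_REPORT), KNOWN_SENDERS))
```

An empty `fix_before_enforcing` list across several reporting periods is the signal that tightening the policy will not drop mail from authorized senders.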

Q: What is the endgame for any DMARC deployment?

A: While in monitoring mode, no email is blocked (even the bad ones). The promise of DMARC is that once all internal and authorized email servers are identified and configured properly, you can flip the switch to begin blocking malicious email. This is called “reject” mode. Once this action is taken, it will be impossible for phishers, spammers and spoofers to deliver fake email to DMARC-protected email receivers. This action cements the trust relationship between domain-based email sent by you and received by DMARC-protected mailboxes—numbering in the billions.

Q: Can DMARC support enhance my anti-fraud program?

A: Yes, DMARC provides invaluable reporting information about the amount and structure of phishing attacks against a customer population. At Easy Solutions and via DMARC Compass, we integrate this data into our fraud intelligence service, Detect Monitoring Service. This real-time feed of information improves our visibility into attacks, speeds up takedown times and decreases losses related to account takeover.

I hope this information helps and feel free to respond to this post with any additional questions we can help answer. For more information about DMARC Compass, please visit: http://www.easysol.net/products/easy-sol-products/dmarc-compass

 

 
