Why Combatting Phishing and External Threats Requires More Than Just DMARC


Email authentication is a pillar of effective digital threat protection, but it shouldn’t stand alone. The latest example solidifying the need to go beyond authenticating emails comes from an attack leveraging the United States Postal Service (USPS) brand.

Here’s what happened: Fraudsters sent phishing emails to potential victims saying a package could not be delivered and the person should click on a link in the email. The email said the link would take the receiver to the USPS website to sort out the problem, but the link was obviously not legitimate, as with all phishing links.

Phishing Example

In a world where cybercrime pays, this kind of phishing campaign happens all the time. So what? The reason this kind of attack is so alarming is that the USPS uses DMARC, an email authentication protocol that stands for Domain-based Message Authentication, Reporting and Conformance. Cybercriminals knew the USPS had implemented DMARC, so the fraudsters got creative and found a way around this widely used email authentication protocol.

Every Action Triggers Fraudster Reaction

When DMARC is implemented correctly, it automatically rejects any phishing emails leveraging the domain of a legitimate organization. In the case of the USPS, fraudsters were forced to use a cousin domain, or similar domain, because they knew any email sent from the USPS’s identical domain would be rejected by DMARC and never reach the inboxes of potential victims. We know fraudsters were privy to the fact that USPS had DMARC because Easy Solutions and other companies provide free tools that verify whether a domain has DMARC. The picture below is a prime example, showing how the action of implementing DMARC creates a fraudster reaction of skirting around email authentication.

DMARC Explorer

Going Beyond Email Authentication  

The case of the USPS shows that p=reject (a DMARC policy setting that allows organizations to deny illegitimate emails using their domains) simply doesn’t solve the email phishing challenge and doesn’t provide robust digital threat protection. Fraudsters are always finding new ways to send phishing emails to potential victims while leveraging domains of real organizations.

Moreover, only 30 percent of email fraud is performed through spoofing identical domains, according to the Anti-Phishing Working Group. Fraudsters are much more likely to use cousin domains or implement tactics such as subject line spoofing, display name spoofing or email account spoofing. This means there’s a desperate need for organizations to implement a holistic approach to stopping digital threats.


That holistic approach most definitely should include implementing DMARC, as well as a system that actually measures the effectiveness of email security actions. It should also include the following recommendations to ensure organizations are best-protected from an array of different attacks through a variety of different channels:

  • Implement a system that doesn’t just identify threats, but rapidly takes them down as well. This will minimize the impact of an attack on customers and employees.
  • Don’t limit the attack monitoring process to the email channel. Expand to monitoring potential threats through social media channels, websites, the Dark Web and more.
  • Monitor third-party application stores to ensure fraudsters are not creating malicious apps that leverage the brand or image of legitimate brands.
  • Utilize a machine-learning protocol that analyzes data at scale to find and eliminate threats as quickly as possible.
  • Measure similar domain registration, as this could be an indicator that criminals plan to use the domains in future phishing campaigns.
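
One way to act on the cousin-domain point and the last recommendation above, as an added example (not code from the original post or from Easy Solutions): a Python check that separates the exact domain, which the brand's own DMARC policy covers, from look-alike domains it cannot cover. The sample domains, the allowlist and the character map are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
PROTECTED = "usps.com"               # brand domain discussed in the article
BRAND = PROTECTED.split(".")[0]
ALLOW = {"ups.com"}                  # constructed allowlist: short brands collide with real ones
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # constructed map

def registrable(domain):
    """Last two labels; assumption: no public-suffix list (co.uk etc. not handled)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return 'exact', 'allowlisted', 'unrelated' or a 'cousin:*' label."""
    name = domain.lower().rstrip(".")
    reg = registrable(name)
    if reg == PROTECTED:
        return "exact"               # spoofing this domain is what p=reject stops
    if reg in ALLOW:
        return "allowlisted"
    sld = reg.split(".")[0]
    norm = sld.translate(LOOKALIKE)  # undo digit-for-letter swaps
    if sld == BRAND:
        return "cousin:tld-swap"
    if norm == BRAND:
        return "cousin:lookalike-chars"
    if BRAND in norm:
        return "cousin:brand-keyword"
    if edit_distance(norm, BRAND) <= 1:
        return "cousin:typo"
    if BRAND in name.split(".")[:-2]:
        return "cousin:brand-subdomain"
    return "unrelated"

# Constructed sample: sender domains as they might appear in a mail log
OBSERVED = ["mail.usps.com", "usps.example", "u5ps.example", "usps-redelivery.example",
            "uspps.example", "usps.com.tracking.example", "ups.com", "example.org"]

def cousins(domains):
    """Domains the brand's own DMARC record cannot protect against."""
    return {d: c for d in domains if (c := classify(d)).startswith("cousin:")}

if __name__ == "__main__":
    for d, label in cousins(OBSERVED).items():
        print(f"{label:24} {d}")
```

Without the allowlist entry, `ups.com` would be reported as a typo of the four-letter brand, which is why a short brand name needs an allowlist of known-good neighbours.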

Above all else, an effective digital threat protection strategy should include a proactive, multi-layered approach that addresses the entire fraud life cycle.
