How To Reduce Spam & Phishing With DMARC

Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.

Daniel Ingevaldson, CTO, Easy Solutions

February 26, 2015

2 Min Read
<a href=http://commons.wikimedia.org/wiki/File:Email_Icon.PNG#mediaviewer/File:Email_Icon.PNG"Email Icon/a". Licensed under a href="http://creativecommons.org/licenses/by-sa/3.0/" title="Creative Commons Attribution-Share Alike 3.0p/p">CC BY-SA 3.0</a> via <a href="//commons.wikimedia.org/wiki/">Wikimedia Commons</a>.

While email is a mission-critical communication channel for most companies, it has also become an untrusted one. Thanks to spam and phishing scams, users are taught to be wary of incoming messages. This lack of trust impacts a company’s ability to effectively communicate, market, and sell to customers via email. DMARC (Domain Message Authentication Reporting and Conformance) stands to change all that.

Providers of more than 3 billion email boxes have taken up DMARC to help put trust back into email. DMARC is an Internet protocol specification that is going through the IETF standardization process. It provides visibility into email flows, and can tell receiving servers to delete spoofed messages immediately upon receipt, thus ensuring that only legitimate emails are delivered to inboxes.

Nearly every company with a domain name should consider leveraging DMARC to help reduce spam and prevent phishing attacks. Here’s how.

Getting started with DMARC is easy. Any email sender and receiver can use the DMARC rails provided by the global community. Free use of the rails provides access to the critical, raw reporting data that helps you see who is sending email and who is spoofing your brand.

To start, we recommend deploying DMARC in monitoring mode. This is how nearly 100 percent of DMARC deployments on the sender side begin. As an email sender in monitoring mode, you advertise to the Internet that you want all DMARC-compliant email receivers (such as Google, Yahoo, Hotmail, and thousands more) to send you reports on who is sending email reportedly from your domain. That’s all there is to it. No emails are flagged, blocked, rejected, or quarantined.

After you are comfortable with the data collected in monitoring mode and you know that legitimate traffic is passing authentication checks, we recommend that you change your policy to quarantine mode. In quarantine mode, suspicious messages are put aside for review. This allows you to identify all internal and authorized email servers and ensure they are configured properly.

Once you have confidence that no legitimate email is mistakenly quarantined, then you can move to a reject policy. In reject mode, spam and phishing messages are deleted before they reach their destination. It is impossible for spoofed email to be delivered to DMARC-protected email servers. This solidifies the trust relationship between domain-based email sent by you and received by DMARC-protected mailboxes.

As a final step, DMARC should be leveraged as part of a greater threat detection and mitigation strategy. DMARC provides valuable reporting information about the amount and structure of phishing attacks against a customer population. This data can be used to improve visibility into attacks, decrease takedown times and reduce losses related to account takeover. As a result, DMARC helps improve fraud intelligence around targeted attacks on your brand.

About the Author

Daniel Ingevaldson

CTO, Easy Solutions

Daniel Ingevaldson has a 15-year+ career including early infosec innovators like Internet Security Systems (ISS), where he was a member of the famed "X-Force" threat and vulnerability research group, and continued on in various research leadership, engineering, consulting, and strategy roles. After the acquisition of ISS by IBM for $1.4 billion in 2006, Daniel co-founded Endgame in 2008 where he led operations and pioneered novel techniques for emerging, massively scalable computing, database, and analytics technologies to model Internet-scale threats that affected large commercial and government customers. He is experienced and energized by all aspects of building and growing early-stage startups focused on solving unique and challenging problems, especially in the anti-fraud, security, and data analytics markets.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights