
DMARC, the Solution for your Phishing Problems

Author: Dustin L. Held
Posted: Aug 21, 2021

Phishing attacks are a significant threat to any company. They can seriously harm the brand and reputation, and cause clients to lose faith and leave. Attackers can spam or phish using your brand logo and emails that look exactly like yours; even you may not be able to tell a forged message from one that came from your own servers. SPF has already been discussed in terms of how it validates the sending mail server. Another technology, DKIM, signs outgoing email. Domain-based Message Authentication, Reporting and Conformance (DMARC) builds on both: it ties their results to the visible "From" domain, lets the domain owner publish what receivers should do with mail that fails, and adds reporting so the owner can monitor what is being sent in the domain's name.

Why are SPF and DKIM not enough?

The objective of SPF (Sender Policy Framework) is to validate the sending servers. The domain owner publishes, in a DNS TXT record, the IP addresses or networks allowed to send mail for the domain. The receiver looks up the SPF record of the envelope sender domain (the MAIL FROM / Return-Path domain) and checks whether the IP address that delivered the message is on that list.

An issue with SPF is that it only checks the domain in the return path (the envelope sender), not the domain that appears in the "From" field the user sees. An attacker can therefore use a Return-Path on a domain they control, pass SPF there, and still put your domain in the visible "From" header. DMARC corrects this by requiring alignment: the SPF-authenticated domain must match the visible "From" domain, either exactly (strict mode) or at the organizational-domain level (relaxed mode).

DomainKeys Identified Mail (DKIM) lets the domain owner sign the emails it sends. The message carries an extra header, DKIM-Signature, containing a signature (not encryption; the mail stays readable) that the receiver verifies against a public key published in DNS. This technology isn't perfect either. Many businesses fail to rotate the signing key, which becomes a major issue if the private key is ever leaked. DMARC does not rotate keys for you; that remains the domain owner's job. What DMARC adds is the alignment requirement (the signing domain must match the visible "From" domain) and reports that show when signatures stop verifying.

DMARC

DMARC is a protocol for authentication, policy, and reporting. It uses both SPF and DKIM, requires that the domain they authenticate be aligned with the visible "From" domain, tells receivers how to handle mail that fails (none, quarantine or reject), and, most importantly, sends reports back to the domain owner. The owner can then see whether there is a problem and act on it.

The primary goal of DMARC is to prevent direct domain spoofing. If an attacker sends email with your domain in the "From" header from a server that is not authorized, the message fails DMARC, and receivers that honor your policy will quarantine or reject it (a p=none policy only reports it).

How does DMARC work?

We've already mentioned that DMARC uses policies. They are set by the administrator, who defines the email authentication processes and what the receiving email server should do if an email violates a policy.

When the receiving email server gets a new email, it makes a DNS lookup for the DMARC record of the "From" domain (at _dmarc.<domain>). It then checks:

  • Whether the DKIM signature is valid.
  • Whether the sender's IP address is one of those the domain owner allows (the SPF record).
  • Whether the SPF or DKIM domain shows proper "domain alignment" with the "From" domain.

The message passes DMARC if at least one of SPF or DKIM both passes and is aligned. Otherwise the server applies the DMARC policy published by the domain owner to accept (p=none), quarantine, or reject the email.

In the end, receiving servers send reports to the address listed in the DMARC record: aggregate reports (the rua tag) with periodic statistics on what passed and failed, and optionally failure reports (the ruf tag) about individual messages.
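The check sequence above, and the alignment rule from the SPF section, as an added example that is not part of the original article: a simplified DMARC evaluation for one inbound message. The DNS lookup is simulated with a constructed in-memory table of TXT records, and the "organizational domain" is approximated as the last two labels (an assumption; real verifiers use the Public Suffix List). The sample messages and domains are constructed.

```python
"""Added example (not the article's own code): simplified DMARC evaluation.

Assumptions: DNS is replaced by FAKE_DNS_TXT below, and org_domain() uses a
last-two-labels rule instead of the Public Suffix List.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed DNS TXT records standing in for the receiver's DNS lookups.
FAKE_DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:reports@example.org",
}


@dataclass
class AuthResults:
    from_domain: str   # domain of the RFC5322.From header (what the user sees)
    spf_result: str    # "pass" or "fail" for the connecting IP
    spf_domain: str    # MAIL FROM / Return-Path domain SPF was evaluated against
    dkim_result: str   # "pass" or "fail"
    dkim_domain: str   # d= tag of the DKIM-Signature header


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels (assumption)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Parse 'tag=value; tag=value' into a dict, applying DMARC defaults."""
    tags = {"adkim": "r", "aspf": "r", "p": "none"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def lookup_policy(from_domain: str) -> Optional[Dict[str, str]]:
    """Receiver step 1: fetch _dmarc.<From domain>, falling back to the org domain."""
    for candidate in (from_domain, org_domain(from_domain)):
        txt = FAKE_DNS_TXT.get("_dmarc." + candidate)
        if txt:
            return parse_dmarc(txt)
    return None


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(r: AuthResults) -> Tuple[str, Dict[str, object]]:
    """Return (disposition, details); disposition is accept, quarantine or reject."""
    policy = lookup_policy(r.from_domain)
    if policy is None:
        return "accept", {"dmarc": "no record published"}
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, policy["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, policy["adkim"])
    details = {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "policy": policy["p"]}
    if spf_ok or dkim_ok:
        return "accept", details          # DMARC pass: one aligned, passing identifier suffices
    # DMARC fail: apply the owner's requested action (p=none delivers, but gets reported)
    return {"reject": "reject", "quarantine": "quarantine"}.get(policy["p"], "accept"), details


# Constructed sample messages.
SPOOF = AuthResults("example.com", "pass", "attacker.net", "fail", "")            # SPF passes, but for the wrong domain
LEGIT = AuthResults("example.com", "pass", "bounce.example.com", "pass", "example.com")
STRICT_DKIM = AuthResults("mail.example.com", "fail", "mail.example.com", "pass", "example.com")  # adkim=s: d= must equal From
MONITOR_ONLY = AuthResults("example.org", "pass", "attacker.net", "fail", "")     # p=none: delivered, reported

if __name__ == "__main__":
    for name, msg in [("spoof", SPOOF), ("legit", LEGIT), ("strict-dkim", STRICT_DKIM), ("monitor", MONITOR_ONLY)]:
        print(name, evaluate(msg))
```

The SPOOF case is the attack from the SPF section: the attacker's Return-Path passes SPF on attacker.net, but that domain is not aligned with the visible example.com, so DMARC fails and the p=reject policy applies. STRICT_DKIM shows why adkim=s bites a domain that signs subdomain mail with the parent domain's key.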

Benefits for the sender of the email

  • Shows that the email uses authentication – SPF and DKIM.
  • Receives feedback about mail sent in the domain's name, including mail the owner did not send.
  • Sets the policy for email that fails authentication.

Benefits for the receiver of the email

  • Provides authentication for incoming emails.
  • Evaluates SPF and DKIM against the "From" domain.
  • Sees what handling the sender prefers – the policy.
  • Returns feedback to the sender.

Conclusion about DMARC

DMARC can significantly reduce the amount of spam and fraud sent using your domain. It isn't completely bulletproof (it covers exact-domain spoofing, not look-alike domains or compromised accounts), but it provides far more protection than SPF or DKIM alone. The reporting is also a real benefit.

About the Author

EmailAuth Suite is one of the world's best platforms for Email Authentication and has been serving customers since the introduction of DMARC in 2012.
