If you follow cybersecurity news, you’ve been seeing DMARC come up a lot recently, with reports that DHS will be looking at federal agency use of DMARC, vendors lagging on implementing DMARC, and calls for organizations to finally stamp out fake emails. But what is DMARC, and how does it differ from SPF and DKIM? What protection does DMARC offer?
Why is DMARC Necessary?
Hackers are constantly looking for ways to penetrate networks through phishing and other means of social engineering. With the ubiquity of email in organizations today, email is a cheap and easy path to infiltration. Historically, email has been very easy to spoof, allowing hackers to send emails that appear to be sent from trusted sources. If users can’t identify the forged email from the real one, they are far more likely to act on the message and allow hackers access.
What is DMARC and How Does It Work?
DMARC, or Domain-based Message Authentication, Reporting & Conformance, originated in 2012 and is designed to protect against domain spoofing. DMARC leverages two existing authentication methods, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), but provides an additional level of protection. DMARC is an additional DNS record that specifies which authentication method(s) are in use and specifies how the receiver of the email should handle the email if the specified authentication method(s) fail. The majority of large email providers are set up to perform a DMARC check before accepting an email. By performing these checks, the email provider knows what authentication methods should be present (SPF, DKIM, etc.) and reject messages that fail if so specified by the domain’s DMARC record.
What’s the Benefit to an Organization of Implementing DMARC?
Implementing DMARC is a crucial step in protecting your brand by preventing malicious actors from impersonating your domain in emails, and may boost your sender reputation scores, which can affect deliverability rates. DMARC adds trust that the “header from” accurately matches the sender’s domain. By monitoring DMARC reports, you can also can visibility into the senders who are sending mail from your domain to identify potential issues. Adopting DMARC promotes an industry standard of dealing with unauthenticated emails, which ultimately helps to protect all email users from spoofed malicious emails.
To learn more about DMARC and how to implement, check out https://dmarc.org.
What Does DMARC Not Provide? What Else is Needed?
Implementing DMARC is an important proactive step to help ensure your email domain is not spoofed. However, it doesn’t help prevent spoofed emails or phishing emails from landing in your user’s inbox from organizations who have not chosen to implement DMARC on their domains. It’s critical to continue to educate users on how to identify and report suspicious emails. And since some users will still inevitably click on phishing emails, it’s important to implement an effective security program; one that combines security best practices such as 24x7 security monitoring, vulnerability management and patch management to identify and remediate potential security issues as quickly as possible before they become data breaches.
For organizations with lean IT teams challenged with implementing security best practices within limited budgets, Cygilant’s SOCVue combines cutting-edge SaaS-based technology with a best-in-class Global Security Operations Centers (GSOC) and best practices for an enterprise-class security program.