Comprehensive email authentication: From DMARC to Business Email Compromise

Comprehensive email authentication: From DMARC to Business Email Compromise

Recognizing whether an email actually originates from its purported sender is often difficult for email recipients. It may even be more challenging to assess whether they have remained unmanipulated during transmission. The SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) standards have long been addressing these issues.

More often than not, these two processes are complemented and rounded off by the application of DMARC (Domain-based Message Authentication, Reporting and Conformance). This specification aims to better protect the senders and recipients of emails from phony senders. In doing so, DMARC acts as a sort of link to SPF and DKIM. It was brought into existence by IT giants such as Google, Yahoo, Microsoft, Facebook, AOL, PayPal and LinkedIn. With growing acceptance and proliferation amongst our enterprise customers, Retarus has opted to implement the standard within the scope of its Email Security Services. We would like to explain below, why it may be useful for companies to rely on all three standards in equal measure when receiving emails.

DMARC complements SPF and DKIM

The DMARC specification was developed to curb the faking of senders and domains, first and foremost through email spoofing. Technically, DMARC builds on SPF and DKIM – to a certain extent attempting to remedy their insufficiencies. While SPF establishes who is permitted to send an email in the name of the company’s own domain, DKIM ensures that the email’s original sender address has not been doctored. By means of DMARC, the domain owner can additionally specify instructions for each sender domain on how the receiving email system should handle the email following the authentication process. And even more importantly, how to proceed if an error occurs.

Abuse automatically reported to domain holder

Following authentication, emails may for instance be rejected automatically or sent to quarantine. The recipient can additionally inform domain holders about suspected abuse of their domains or any problems they may experience with authentication. This function, in particular, also provides a powerful sender-side incentive to employ DMARC, as it enables them to identify attacks carried out using their domain name at an early stage.  The DMARC instructions can simply be added to the corresponding Domain Name System (DNS) entry, where they remain visible for all to see. In future, Retarus will also be validating this information – provided it is required and has been configured by the customer – ensuring consistent verification of the authenticity of emails.

One problem still remains, however. DMARC entries can basically be defined by any domain holder. An independent check is not carried out to ensure that the website is trustworthy and is not being used illegitimately. So, an email may still be sent from a domain which may be similar and difficult for the user to distinguish from a familiar domain (known as domain similarity, this is often achieved through substituting individual letters or using other character sets) – and even be able to show correct SPF and DKIM entries which are confirmed by DMARC. To achieve optimum protection for these cases as well, it is highly recommended to deploy additional security methods such as CxO Fraud Protection to safeguard the organization from Business Email Compromise.

Find out more about this critical topic directly from your personal contact person or Retarus’ technical support

Tags:

Submit a Comment

Your email address will not be published. Required fields are marked *