{"id":7063,"date":"2022-03-01T17:35:11","date_gmt":"2022-03-01T15:35:11","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/comprehensive-email-authentication-from-dmarc-to-business-email-compromise"},"modified":"2024-05-07T11:22:41","modified_gmt":"2024-05-07T09:22:41","slug":"comprehensive-email-authentication-from-dmarc-to-business-email-compromise","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/comprehensive-email-authentication-from-dmarc-to-business-email-compromise\/","title":{"rendered":"Comprehensive email authentication: From DMARC to Business Email Compromise"},"content":{"rendered":"\n

Recognizing whether an email actually originates from its purported sender is often difficult for email recipients. It may even be more challenging to assess whether they have remained unmanipulated during transmission. The SPF (Sender Policy Framework)<\/strong><\/a> and DKIM (DomainKeys Identified Mail)<\/strong><\/a> standards have long been addressing these issues.<\/p>\n\n\n\n

More often than not, these two processes are complemented and rounded off by the application of DMARC (Domain-based Message Authentication, Reporting and Conformance)<\/strong>. This specification aims to better protect the senders and recipients of emails from phony senders. In doing so, DMARC acts as a sort of link to SPF and DKIM. It was brought into existence by IT giants such as Google, Yahoo, Microsoft, Facebook, AOL, PayPal and LinkedIn. With growing acceptance and proliferation amongst our enterprise customers, Retarus has opted to implement the standard within the scope of its Email Security Services<\/a>. We would like to explain below, why it may be useful for companies to rely on all three standards in equal measure when receiving emails.<\/p>\n\n\n\n

DMARC complements SPF and DKIM<\/h2>\n\n\n\n

The DMARC specification was developed to curb the faking of senders and domains, first and foremost through email spoofing<\/a>. Technically, DMARC builds on SPF and DKIM \u2013 to a certain extent attempting to remedy their insufficiencies. While SPF establishes who is permitted to send an email in the name of the company\u2019s own domain, DKIM ensures that the email\u2019s original sender address has not been doctored. By means of DMARC, the domain owner can additionally specify instructions for each sender domain on how the receiving email system should handle the email following the authentication process. And even more importantly, how to proceed if an error occurs.<\/p>\n\n\n\n

Abuse automatically reported to domain holder<\/h2>\n\n\n\n

Following authentication, emails may for instance be rejected automatically or sent to quarantine. The recipient can additionally inform domain holders about suspected abuse of their domains or any problems they may experience with authentication. This function, in particular, also provides a powerful sender-side incentive to employ DMARC, as it enables them to identify attacks carried out using their domain name at an early stage.  The DMARC instructions can simply be added to the corresponding Domain Name System<\/a> (DNS) entry, where they remain visible for all to see. In future, Retarus will also be validating this information \u2013 provided it is required and has been configured by the customer \u2013 ensuring consistent verification of the authenticity of emails.<\/p>\n\n\n\n

Complementing with Advanced Threat Protection recommended<\/h2>\n\n\n\n

One problem still remains, however. DMARC entries can basically be defined by any domain holder. An independent check is not carried out to ensure that the website is trustworthy and is not being used illegitimately. So, an email may still be sent from a domain which may be similar and difficult for the user to distinguish from a familiar domain (known as domain similarity, this is often achieved through substituting individual letters or using other character sets) \u2013 and even be able to show correct SPF and DKIM entries which are confirmed by DMARC. To achieve optimum protection for these cases as well, it is highly recommended to deploy additional security methods such as CxO Fraud Protection<\/a> to safeguard the organization from Business Email Compromise.<\/p>\n\n\n\n

Find out more about this critical topic directly from your personal contact person or Retarus’ technical support<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

For the recipient, it\u2019s often difficult to recognize whether an email actually originates from its purported sender. Standards such as SPF, DKIM and DMARC as well as Email Security Services can help to detect attacks that use fake sender names.<\/p>\n","protected":false},"author":12,"featured_media":10049,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[78,9,15],"tags":[102],"dipi_cpt_category":[],"class_list":["post-7063","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry","category-product-news","category-security","tag-email-security"],"acf":[],"yoast_head":"\nSchutz vor BEC: Umfassende Authentifizierung mit DMARC und Co<\/title>\n<meta name=\"description\" content=\"Standards wie SPF, DKIM und DMARC und E-Mail Security Services k\u00f6nnen dabei helfen, Angriffe unter falschem Namen zu identifizieren.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Comprehensive email authentication: From DMARC to Business Email Compromise\" \/>\n<meta property=\"og:description\" content=\"F\u00fcr Empf\u00e4nger ist es oft schwierig zu erkennen, ob E-Mails tats\u00e4chlich vom vorgegebenen Absender stammen. Standards wie SPF, DKIM und DMARC und E-Mail Security Services k\u00f6nnen dabei helfen, Angriffe unter falschem Namen zu identifizieren.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-01T15:35:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T09:22:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/authentification.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1035\" \/>\n\t<meta property=\"og:image:height\" content=\"582\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"S\u00f6ren Schulte\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"E-Mail Authentifizierung: Von DMARC bis Business Email Compromise\" \/>\n<meta name=\"twitter:description\" content=\"Standards wie SPF, DKIM und DMARC und E-Mail Security Services helfen Empf\u00e4ngern, Angriffe unter falschem Namen zu identifizieren.\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"S\u00f6ren Schulte\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/\",\"name\":\"Schutz vor BEC: Umfassende Authentifizierung mit DMARC und Co\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/authentification.jpg\",\"datePublished\":\"2022-03-01T15:35:11+00:00\",\"dateModified\":\"2024-05-07T09:22:41+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d\"},\"description\":\"Standards wie SPF, DKIM und DMARC und E-Mail Security Services k\u00f6nnen dabei helfen, Angriffe unter falschem Namen zu identifizieren.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/authentification.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/authentification.jpg\",\"width\":1035,\"height\":582},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Comprehensive email authentication: From DMARC to Business Email Compromise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d\",\"name\":\"S\u00f6ren Schulte\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/sschulte\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Schutz vor BEC: Umfassende Authentifizierung mit DMARC und Co","description":"Standards wie SPF, DKIM und DMARC und E-Mail Security Services k\u00f6nnen dabei helfen, Angriffe unter falschem Namen zu identifizieren.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/","og_locale":"en_US","og_type":"article","og_title":"Comprehensive email authentication: From DMARC to Business Email Compromise","og_description":"F\u00fcr Empf\u00e4nger ist es oft schwierig zu erkennen, ob E-Mails tats\u00e4chlich vom vorgegebenen Absender stammen. Standards wie SPF, DKIM und DMARC und E-Mail Security Services k\u00f6nnen dabei helfen, Angriffe unter falschem Namen zu identifizieren.","og_url":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2022-03-01T15:35:11+00:00","article_modified_time":"2024-05-07T09:22:41+00:00","og_image":[{"width":1035,"height":582,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/authentification.jpg","type":"image\/jpeg"}],"author":"S\u00f6ren Schulte","twitter_card":"summary_large_image","twitter_title":"E-Mail Authentifizierung: Von DMARC bis Business Email Compromise","twitter_description":"Standards wie SPF, DKIM und DMARC und E-Mail Security Services helfen Empf\u00e4ngern, Angriffe unter falschem Namen zu identifizieren.","twitter_misc":{"Written by":"S\u00f6ren Schulte","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/","url":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/","name":"Schutz vor BEC: Umfassende Authentifizierung mit DMARC und Co","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/authentification.jpg","datePublished":"2022-03-01T15:35:11+00:00","dateModified":"2024-05-07T09:22:41+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d"},"description":"Standards wie SPF, DKIM und DMARC und E-Mail Security Services k\u00f6nnen dabei helfen, Angriffe unter falschem Namen zu identifizieren.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/authentification.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/authentification.jpg","width":1035,"height":582},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/umfassende-e-mail-authentifizierung-von-dmarc-bis-business-email-compromise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"Comprehensive email authentication: From DMARC to Business Email Compromise"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d","name":"S\u00f6ren Schulte","url":"https:\/\/www.retarus.com\/blog\/en\/author\/sschulte\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=7063"}],"version-history":[{"count":15,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7063\/revisions"}],"predecessor-version":[{"id":10449,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/7063\/revisions\/10449"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/10049"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=7063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=7063"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=7063"},{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/dipi_cpt_category?post=7063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}