• ProgIST CyberSec Division

ProDMARC - Mastering email security with DMARC



We all know the greatest way for hackers to access our networks is through phishing attacks and email phishing scams. If a single user clicks on any malicious email attachment, ransomware, crypto-jacking, data leaks or privilege escalation vulnerabilities may compromise an entire enterprise. To try to minimize these opportunities, a variety of security protocols have been invented over the years.

This is particularly needed today when a lot of us are working from home and need all the security we can for our email.


The good news is that you now have options for implementing enhanced security protocols that will shield you from malicious emails for a long time. Perhaps better, whether you are the recipient or the sender, these enhanced protocols will shield you.


The different solutions are actually very complementary to each other. Chances are high that all three of them will be needed by the average business. The three solutions are:

  • Sender Policy Framework (SPF), which hardens the DNS servers and limits who can send your domain emails.

  • DomainKeys Defined Mail (DKIM), which guarantees that your email content remains trustworthy and has not been manipulated or compromised.

  • Domain-based Message Authentication, Reporting and Conformance (DMARC), which links the first two protocols together with a consistent set of protocols.


What is SPF?


The Sender Policy Framework (SPF) hardens and limits who can send emails from your domain to your DNS servers. SPF can prevent spoofing of domains. This helps the mail server to evaluate when a letter is sent from the domain it uses. SPF has three key elements: a policy structure as the name suggests, a system of authentication, and specialized headers that express this information in the actual email itself.


What is DKIM?

DomainKeys Defined Mail (DKIM) guarantees that your email content remains trusted and has not been manipulated or compromised. It was first proposed in 2007 and has been revised on many occasions, most recently last month with IETF standard 8301. SPF and DKIM were both revised in 2014 to the IETF standard 7372.


What is DMARC?


Domain-based Message Authentication, Reporting, and Conformance, DMARC configuration connects the first two protocols together with a standard set of policies. It also connects the domain name of the sender with what is specified in the From header and has some better reporting from mail recipients as well. It was proposed in 2015 as IETF standard 7489.


Not only for recipients, DMARC protects the outgoing emails for senders in businesses too. A sender address is allocated to outgoing messages by the client application; outgoing email servers have no way of knowing whether the sender address is legitimate or spoofed.

Recipient servers and email phishing tools like DMARC can help detect and filter the spoofed messages.


Reasons for these protocols


Phishing attack prevention is a part of the explanation for the three different protocols. It has to do with the fact that each one solves a very different piece of the email puzzle. This is done by a combination of standard authentication and encryption tools, such as signing public and private keys and inserting unique DNS records to authenticate emails from your domains.


The evolution of the Internet email protocols themselves is another reason. It was mainly used by university researchers back in the early days of the Internet, where everyone knew the other’s name and trusted each other. Unfortunately, those days are long gone.


The message headers (such as the addresses To: and From: and Bcc:) were intentionally isolated from the actual message content itself. This was an attribute. But for IT administrators of the modern age, the separation has brought new worlds of pain.


You can be sure that messages can not be easily forged and that you can block them from ever darkening the inboxes of your users if your email infrastructure implements all three protocols properly.


Some complications...


Let’s look at the complicating factors.


First are the disappointing surveys on usage. While a Google survey showed that some security was used by 85 percent of received emails in its Gmail infrastructure, that is not true for the average email user of the company. A consultancy study by a leading email analytics and deliverability platform analyzed 21,000 of the top global domains and found that two of the three protocols have been implemented by just 20 percent. This agrees with another study, which indicates that DMARC implementation is properly used by just 15 percent of the F500, although the amount has doubled from a year ago.


Next, it is not easy to set up DMARC and the implementation is prone to a lot of operator errors. For example, you have to set it up for any domain and subdomain you own for SPF and DMARC email protection to operate. The configuration can become repetitive very quickly if your organization runs a lot of domains or subdomains. And you have to make sure that the correct DNS entries also protect every subdomain.


They have instructions about DKIM and how to create your domain key if you are using Google for your email. They have suggestions about how to configure the different DNS records if you are using cPanel to administer your domain. When you think you are done, you can use an online tool to verify that your email headers contain the appropriate DKIM keys.


Although there are resources to support it, it will take very advanced skills to get it configured. Even your corporate DNS guru might not be familiar with the commands needed by each protocol, since they are not commonly used and their syntax can be difficult to get exactly right. Setting up the protocols in a particular order can help.


All your email-consuming apps need to be monitored. You will not know how many different parts of your own infrastructure communicate with your email system when you first begin implementing these protocols.


Why are authentication protocols so important?


Many organizations think that a perfect way to serve their clients is by sending them bulk emails. Bulk emails containing significant service changes, recall notices, upgrade alerts, and other essential business details are efficient ways to keep clients up-to-date about how they will continue to profit from your business. Legitimate telemarketers seeking to hit their client targets with useful sales details are other organizations invested in sending bulk emails.


Unfortunately, as phishing attacks and spam emails are constantly growing, many organizations take an over-protective role in terms of incoming emails, particularly if they appear to be part of a mass mailing. This can contribute to the sending of significant, legitimate emails to spam folders where they will remain unread, or be fully rejected.


These protocols are being applied to their filtering methods by several email providers, including Google and Microsoft. It is expected that this will go a long way towards strengthening a safe and secure email environment. Logging into your domain registrar to configure your DNS settings requires setting up the files required for these protocols.


This might need the help of technical professionals. If your in-house IT team is unprepared to handle this, contact any professional help you have an agreement with, or consult for assistance with a managed IT service provider. ProgIST believes in protecting both your and your clients’ email rights and privacy. ProDMARC helps you implement email authentication with DMARC to stop fraudsters from misusing your domain. Get Started with top-class cybersecurity solutions for your business at ProgIST.


  • LinkedIn
  • Twitter
  • Facebook

© 2020 by Progist.