Prevent Email Spoofing with DMARC

Dec 15 / Gwen Bettwy
The Federal Bureau of Investigation (FBI) announced in 2019 that business email compromise (BEC) had cost businesses internationally over $26 billion between June 2016 and July 2019. BEC is an attack in which a bad actor pretends to be the chief executive officer (CEO) or chief financial officer (CFO) to convince someone to transfer funds to them. The Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol can solve these CEO email fraud attacks and help with phishing attacks.

A vulnerable example company is Boeing. Chris Kubecka found that Boeing had a test development network publicly visible on the web and a malware-infected email server in April 2019. To compound the issue, they didn't have a DMARC record for their email domain to prevent email spoofing attacks. Not having a DMARC record can lead to bad actors launching phishing campaigns from a spoofed company email address to target its employees, suppliers, and customers. Imagine the trouble a bad actor could have caused: stealing money or sending an email saying that a problem with a plane had been fixed, causing it to be used for a flight that ended up being a deadly mistake.

What is DMARC?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol built on top of the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) standards that aim to prevent and detect spoofing attacks. 

SPF and DKIM work to define trusted source email systems and prevent in-transit email header modification. Using those two standards, DMARC provides a central interface for communicating domain policies and appropriate responses for remote mail systems to perform when messages do not satisfy the DNS-published policies supported by DMARC.

With DMARC, if a message fails to pass an SPF or DKIM test, remote mailing systems can communicate the existence of any misaligned messages to the domain owner. DMARC also provides the capability to integrate with anti-spoofing and anti-malware software solutions.

Why is DMARC important?

Authenticates genuine emails.

DMARC correctly authenticates email messages by checking them against SPF and DKIM standards, allowing valid transmissions or blocking fraudulent activity. With DMARC, you can instruct mail providers to either quarantine (deliver but move to the 'Spam' folder) or reject (do not deliver) messages that fail the DMARC authentication protocol.

You can also use the 'none' policy to monitor DMARC for messages that do not comply with the protocol. We recommend only using the 'none' policy to gain insight before activating 'quarantine' or 'reject' policies that ensure emails from valid sources get to the correct recipients.
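
The policy choice described above can be checked directly from DNS data. The following is an added example, not code from the original article or from Inspectiv: a Python audit of the TXT values published at `_dmarc.<domain>` that reports which policy is in effect and whether the domain is still in monitor-only mode. The tag names (`v`, `p`, `pct`, `rua`) are those defined in RFC 7489; the function names and sample records are constructed for illustration.

```python
# Added example: audit the TXT values published at _dmarc.<domain>.
# Tag names follow RFC 7489; function names and sample records are constructed.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if txt is not a DMARC record."""
    # The v tag must come first and equal "DMARC1" exactly.
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt_records):
    """Return (policy, findings) for the TXT strings found at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return None, ["no DMARC record: receivers get no policy for failing mail"]
    if len(records) > 1:
        return None, ["multiple DMARC records: receivers apply none of them"]
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return None, [f"missing or invalid p= tag: {policy!r}"]
    findings = []
    if policy == "none":
        findings.append("p=none is monitor-only: failing mail is still delivered")
    pct = tags.get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports reach the owner")
    return policy, findings

if __name__ == "__main__":
    samples = {  # constructed sample data, not real DNS answers
        "monitoring.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example"],
        "partial.example": ["v=spf1 -all", "v=DMARC1; p=quarantine; pct=25"],
        "enforced.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example"],
        "missing.example": ["v=spf1 -all"],
    }
    for domain, txt in samples.items():
        print(domain, audit_dmarc(txt))
```
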

Protects against email spoofing.

Bad actors that can spoof emails from a target's domain are a widespread problem, and 80 percent of company domains do not have DMARC protection. Email spoofing can lead to malware infections, intellectual property exfiltration, financial fraud, identity theft, and more. However, DMARC can mitigate email spoofing.

DMARC confirms that the 'Envelope FROM' (the origin email address) matches the 'Header FROM' (the email address inputted in the 'From' field) to prevent spoofing attempts.

Conclusion

Not having DMARC in place can put the integrity of your email communications at risk, especially if bad actors gain the ability to spoof your domain and send emails to your employees and customers with malicious code while masquerading as management. Without the proper installation of a DMARC record, email can go unauthenticated without insight and reporting.

At Inspectiv, we are here to help protect your business from both known and unknown threats. Our program managers work with you and our security researchers to identify, verify, and validate security gaps in your web and mobile application infrastructures, such as a missing or misconfigured DMARC record, which can lead to email spoofing and phishing attacks.

Inspectiv manages the entire vulnerability discovery process—there's no need to hire pricey in-house security testers or penetration testing consultants. Inspectiv provides you with actionable information to resolve vulnerabilities so that you can avoid security incidents in the first place.

Contact us to learn how the Inspectiv security platform can assist in safeguarding your business from the constant security threats that are attempting to exploit your applications.