Hackers and spammers use email to deliver malware, phishing attacks, and spam to millions of users. Lower-level threat actors create a throwaway email account (for example, a free Gmail account) and set its display name to match someone you may know. More sophisticated threat actors take it a step further: they forge the sending address itself, a technique known as spoofing, so that it appears exactly the same as one you are familiar with, making it indistinguishable from the real one. So what can be done to combat this? Below are some ways you can help protect your organization.
SPF
By default, most modern email systems use SPF (Sender Policy Framework) to verify whether an email is being sent from a mail server authorized for the sender's domain. This is done by adding a DNS record to your website domain. When an email is sent, the receiving party looks up the sending mail server and checks the DNS record on your domain to see whether the two match.
DKIM
DKIM (DomainKeys Identified Mail) works along similar lines to SPF, except that instead of checking whether the email comes from a specific mail server, it uses a secret key to sign each email you send and attaches that signature; the receiving party then checks the signature against the key published in your DNS record to verify that nothing has changed between the time you sent the email and the time they received it. This helps prevent emails from being altered or infected in transit.
DMARC
With SPF and DKIM configured, you can publish a rule in your DNS that tells anyone receiving email from your domain what to do if one of these checks doesn't pass. For example, you can state in your domain's DNS that if someone receives an email from an address at your domain and the SPF and DKIM checks fail, the email should be marked as spam. This helps prevent threat actors from pretending to be you. You can also use a free DMARC service like www.postmarkapp.com to get weekly alerts about who has been trying to send emails as if they were you.
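To make the DMARC decision concrete, here is an added example (not code from the original post) of how a receiving server evaluates a published DMARC record against SPF and DKIM results. The record, the domain example.com, and the authentication results are all constructed for illustration; the organizational-domain rule is simplified to the last two labels.

```python
# Added example: evaluate a DMARC policy the way a receiving server would.
# The DMARC record and authentication results are constructed for
# illustration; nothing here is fetched from DNS.

def parse_dmarc(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=quarantine; aspf=s' into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain):
    # Simplified organizational-domain rule: keep the last two labels.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') only the organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_disposition(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return 'pass', or the record's policy action (none/quarantine/reject) when
    neither SPF nor DKIM both passes and aligns with the visible From: domain."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]

if __name__ == "__main__":
    # Constructed record for the hypothetical domain example.com.
    REC = "v=DMARC1; p=quarantine; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"
    # Spoofed mail: SPF passes only for the sender's unrelated domain, no DKIM -> quarantine.
    print(dmarc_disposition(REC, "example.com", "pass", "unrelated.example.net", "fail", ""))
    # Legitimate mail relayed by a vendor, DKIM-signed with d=example.com -> pass.
    print(dmarc_disposition(REC, "example.com", "fail", "vendor.example.org", "pass", "example.com"))
```

Note that SPF alone passing is not enough: the domain that passed must also align with the From: address, which is exactly what stops a spoofer whose own domain has a valid SPF record.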
Email Filtering
These tools do a great job of helping to prevent someone from sending emails as if they were you (spoofing), but what about protecting your organization from incoming emails that aren’t from your domain? How do you know if someone sending YOU an email is legitimate?
While you can help protect the credibility of emails from your domain, you can’t set these tools up for others. That’s up to the owner of each domain to do. This is where email filtering comes in. An email filtering service like Avanan uses several methods to verify the credibility of each email received. First, it checks whether the sender's DMARC evaluation passes. It also uses a large repository of known spam and malicious emails and blocks anything on that list. Additionally, some of the more advanced email filtering services use AI to scan the contents of an email and determine whether it is malicious, including the words within the body of the email, its links, and its attachments.
By implementing these tools, you can help safeguard your organization from email threats, protecting you from financial and reputational damage. If you’re not already using these tools, you should be. Reach out to SCYBER today for a free consultation and review of your email security.