Cyber Security Blog

Fighting Cyber Fraudsters with DMARC

Written by Amar Singh | 5 December 2017
Would you believe IBM's claim that half of all email traffic worldwide may be malicious? (IBM Threat Intelligence Index 2017.) Even the UK's tax collector, HMRC, found itself at the mercy of cyber fraudsters and was labelled the most abused and phished domain: over half a billion unauthorised, spoofed emails a year claimed to come from its domain (source: HMRC).

In this short piece, aimed at a predominantly non-technical management audience, I discuss the following:

  1. HMRC's email fraud problem and how they solved it.
  2. DMARC and its benefits to your business.
  3. A brief introduction to DMARC (not technical).
  4. Benefits of using a managed service approach to DMARC. 
  5. How you can check if your email domain is DMARC enabled.

What did HMRC do?

To repair their damaged reputation, HMRC's former CISO, a long-standing friend of Cyber Management Alliance, adopted DMARC and within 12 months had significantly reduced the number of spoofed emails. Now this is where it gets really interesting.

Benefits of DMARC

Enabling DMARC not only cut down the spoofed emails that fraudsters were sending to HMRC's customers, it also enabled HMRC to dramatically increase the deliverability of its own legitimate email, by up to 400%. Now, imagine the expressions on the faces of your marketing team when they hear that DMARC will:

  • Increase email deliverability by up to 400% - imagine the business benefits!
  • Greatly reduce the chances of your domain being put on spam blocklists!
  • STOP fraudulent emails using your domain from being delivered to your clients and customers, at every receiver that enforces DMARC (which includes all of the big mailbox providers)

As you know, we at Cyber Management Alliance are passionate about making the Internet a safe place for businesses and consumers.  Some of the questions that DMARC can help you answer include:

  • How many fraudsters are impersonating your domain to commit cyber fraud?
  • How many emails are these fraudsters sending, and from where?
  • How many marketing agencies and other third parties are sending email on your behalf?
  • Are you able to block these fraudsters that are damaging your brand?
  • Can you increase the deliverability of your emails to customers?

DMARC's role is crucial enough that, in the UK, the NCSC (part of GCHQ) has made it mandatory for all UK central government departments.

How Does DMARC Work? 

In a nutshell, you publish your policy in DNS and the receiving server does the work. For every message whose From: address uses your domain, it checks whether the message passes SPF or DKIM with a domain that aligns with that From: domain; if neither does, it applies the policy you published (monitor only, quarantine or reject) and sends you a report about it. It's actually that simple, but it does mean DMARC is, to a certain extent, dependent on the receiving server choosing to check. The good news is that the most popular mailbox providers, including Gmail, Microsoft (Outlook.com and Office 365) and Yahoo (yes, people still use Yahoo, don't ask me why), all evaluate DMARC on inbound mail. One caveat worth knowing: a receiver is not obliged to honour p=reject literally. Office 365, for example, has historically treated reject as quarantine (junk folder) rather than bouncing the message.

Sample DMARC record (published as a DNS TXT record at _dmarc.yourdomain.com):
v=DMARC1; p=reject; pct=100; rua=mailto:postmaster@dmarcdomain.com
(v) Protocol version - always DMARC1.
(p) Policy for mail that fails DMARC - none (monitor only), quarantine or reject.
(pct) Percentage of failing mail the policy is applied to - 0 to 100 (default 100); used to roll out quarantine or reject gradually rather than all at once.
(rua) Address that receives aggregate reports - daily XML summaries from each receiver of who sent mail as your domain and whether it passed.
(ruf) Address that receives forensic (per-message failure) reports - optional, not present in the sample above, and many large providers do not send them at all.
 
For DMARC to be successful, you need SPF and DKIM on your domain: a message passes DMARC only if at least one of them passes with a domain aligned to the From: address. One of the two is the minimum, but you want both, because SPF breaks whenever your mail is forwarded while a DKIM signature usually survives forwarding intact.
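To make the receiver's side of that concrete, here is an added example (my own code, not HMRC's and not part of the original piece) that parses a DMARC record such as the sample above and applies it to one message the way a receiving server does: it checks whether SPF or DKIM passed with an aligned domain, and if not, returns the disposition after honouring pct=. The example.com, mail.example.com and attacker.example names are placeholders, and the organisational-domain rule is a simplification that is noted in the code.

```python
"""Receiver-side DMARC evaluation (added example; assumed names, not real domains)."""
import random


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record into a tag dict, applying the RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (v=DMARC1 missing)")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= must be none, quarantine or reject")
    tags.setdefault("adkim", "r")  # DKIM alignment: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")   # SPF alignment: r(elaxed) or s(trict)
    tags.setdefault("pct", "100")  # share of failing mail the policy applies to
    if not tags["pct"].isdigit() or not 0 <= int(tags["pct"]) <= 100:
        raise ValueError("pct= must be an integer from 0 to 100")
    return tags


def organizational_domain(domain):
    """Simplified organisational domain: the last two labels.
    Assumption for this example only. Real receivers use the Public Suffix List,
    so that e.g. hmrc.gov.uk is its own organisational domain, not gov.uk."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed the same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def evaluate_dmarc(record_txt, from_domain, spf, dkim, roll=None):
    """Apply the From: domain's DMARC record to one message.

    spf:  (domain SPF was checked against, i.e. the envelope MAIL FROM domain, result)
    dkim: list of (d= domain, result) for each verified DKIM signature
    roll: 1-100 sample value used for pct= (random when None)
    Returns (dmarc_pass, disposition) with disposition one of none/quarantine/reject.
    """
    tags = parse_dmarc_record(record_txt)
    spf_domain, spf_result = spf
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = any(r == "pass" and aligned(from_domain, d, tags["adkim"]) for d, r in dkim)
    if spf_ok or dkim_ok:
        return True, "none"
    policy = tags["p"]
    roll = random.randint(1, 100) if roll is None else roll
    if roll > int(tags["pct"]):
        # Not sampled: RFC 7489 section 6.6.4 says apply the next less severe policy.
        policy = {"reject": "quarantine", "quarantine": "none", "none": "none"}[policy]
    return False, policy


ARTICLE_RECORD = "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com"

if __name__ == "__main__":
    # Legitimate mail: bounce address on a subdomain, DKIM signed by the domain itself.
    print(evaluate_dmarc(ARTICLE_RECORD, "example.com",
                         ("mail.example.com", "pass"), [("example.com", "pass")]))
    # Spoof: the fraudster's own SPF and DKIM pass, but neither aligns with From:.
    print(evaluate_dmarc(ARTICLE_RECORD, "example.com",
                         ("attacker.example", "pass"), [("attacker.example", "pass")]))
```

The second call is the whole point of DMARC: a fraudster can always make SPF and DKIM pass for a domain they control, so the receiver only counts a pass whose domain lines up with the From: address the customer actually sees.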
Sender Policy Framework 

SPF (Sender Policy Framework) is a DNS TXT record which lists the IP addresses and/or host names of the mail servers permitted to send email for your domain. When a recipient server receives an email claiming to be from your domain, it checks the IP address the connection actually came from against those listed in your SPF record. One subtlety: SPF is evaluated against the envelope sender (the bounce address, which is often a subdomain or a vendor's domain), not the From: address the customer sees, which is exactly the gap DMARC's alignment check closes.
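An added example of that check (my own code, not the article's or any vendor's), evaluating the common ip4, ip6, include and all terms of an SPF record against the connecting IP. The DNS records are a constructed table embedded in the code rather than live lookups, and the example.com, mailvendor.example and loop.example names are placeholders; the include loop is there to show the 10-lookup limit from RFC 7208.

```python
"""SPF evaluation against a constructed DNS table (added example, not live DNS)."""
import ipaddress

# Constructed records for the example. A real checker fetches these TXT records from DNS.
DNS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailvendor.example -all",
    "_spf.mailvendor.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",  # mis-configured record
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, ip, lookups=None):
    """Return the SPF result for mail from `ip` with envelope domain `domain`.

    Implements ip4, ip6, include and all. Other mechanisms (a, mx, ptr, exists)
    and modifiers (redirect=, exp=) are treated as permerror here for brevity.
    """
    if lookups is None:
        lookups = [0]  # shared counter for the RFC 7208 limit of 10 DNS-querying terms
    record = DNS.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            return RESULT_FOR_QUALIFIER[qualifier]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            lookups[0] += 1
            if lookups[0] > 10:
                return "permerror"
            inner = check_spf(arg, ip, lookups)
            if inner in ("none", "permerror", "temperror"):
                return "permerror"  # RFC 7208 section 5.2: include of a broken/absent record
            matched = inner == "pass"  # fail/softfail/neutral inside an include do not match
        else:
            return "permerror"
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"  # no mechanism matched and no explicit all term


if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.10", "2001:db8::1", "203.0.113.7"):
        print(ip, check_spf("example.com", ip))
```

Note that 203.0.113.7 ends up as fail, not softfail: the vendor's ~all only applies inside the include, and an include that does not produce pass simply does not match, so evaluation falls through to the outer record's -all.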
DomainKeys Identified Mail, or DKIM, uses cryptography to prove that selected headers and the body of an email have not been altered since they left the sending server. The sender signs a hash of the body and the chosen headers with a private key and publishes the matching public key in DNS (at <selector>._domainkey.<domain>), so any receiver can verify the signature and confirm that whoever signed the message controls that domain's DNS.
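The first thing a DKIM verifier does is recompute the body hash and compare it with the bh= tag in the signature, and that part needs no key at all, so here it is as an added example (my own code, not from the article). It implements the relaxed body canonicalisation of RFC 6376, which is what lets forwarders add trailing blank lines without breaking the signature, while a changed account number still fails. The signature over the headers (the b= tag) needs an RSA or Ed25519 library and the public key from DNS, and is not shown; the invoice text is constructed sample data.

```python
"""DKIM body hash (bh=) with relaxed body canonicalisation, RFC 6376 section 3.4.4 (added example)."""
import base64
import hashlib
import hmac
import re


def canonicalize_body_relaxed(body: bytes) -> bytes:
    """Relaxed body canonicalisation:
    - strip whitespace at the end of each line and collapse runs of SP/HTAB to one SP
    - remove empty lines at the end of the body
    - make sure a non-empty body ends with CRLF
    """
    lines = body.split(b"\r\n")
    lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ") for line in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        return b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes) -> str:
    """The bh= value: base64(SHA-256(canonicalised body)), as used with rsa-sha256 / ed25519-sha256."""
    digest = hashlib.sha256(canonicalize_body_relaxed(body)).digest()
    return base64.b64encode(digest).decode("ascii")


def body_hash_matches(body: bytes, bh_tag: str) -> bool:
    """Step one of verification: the body as received must hash to the signed bh= value.
    (Step two, checking b= with the key at <selector>._domainkey.<d=>, is not shown.)"""
    return hmac.compare_digest(body_hash(body), bh_tag)


# Constructed sample body, as the sending server signed it.
SIGNED_BODY = b"Hi.\r\n\r\nPlease pay invoice 1042 to account 12345678.\r\n\r\nJoe.\r\n"

if __name__ == "__main__":
    bh = body_hash(SIGNED_BODY)
    print("bh=", bh)
    # A forwarder added blank lines and trailing spaces: relaxed canonicalisation absorbs that.
    print("forwarded copy ok:", body_hash_matches(SIGNED_BODY + b"   \r\n\r\n", bh))
    # A fraudster changed the account number: the hash no longer matches.
    print("tampered copy ok:", body_hash_matches(SIGNED_BODY.replace(b"12345678", b"87654321"), bh))
```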

DMARC-as-a-Service or DIY? 

You can implement DMARC yourself if you have the time and the skilled resources to manage it. Every receiving provider sends its aggregate reports as XML attachments (usually compressed), so you will need to collect, parse and make sense of that XML data, and turn it into output that tells you who is sending as your domain and whether they pass.
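As an added illustration of what that XML work involves (my own code, not the article's and not any vendor's product), here is a parser for one aggregate report in the RFC 7489 Appendix C format that answers the questions from earlier in the piece: how much mail passed, how much failed, and which source addresses are sending as the domain without authorisation. The report itself is constructed for the example, with placeholder domains and IP addresses; real reports arrive as gzip or zip attachments to the rua= mailbox and would be decompressed first.

```python
"""Summarise a DMARC aggregate (rua) report (added example; report is constructed data)."""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>mailbox-provider.example</org_name>
    <report_id>20171205.1</report_id>
    <date_range><begin>1512432000</begin><end>1512518400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>reject</p><pct>100</pct>
  </policy_published>
  <record>  <!-- the company's own mail server -->
    <row><source_ip>192.0.2.10</source_ip><count>1200</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
  </record>
  <record>  <!-- a marketing agency: raw SPF passes for its bounce domain but is not aligned; aligned DKIM passes -->
    <row><source_ip>198.51.100.7</source_ip><count>80</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>bounce.agency.example</domain><result>pass</result></spf></auth_results>
  </record>
  <record>  <!-- a spoofer: nothing aligns, so p=reject was applied -->
    <row><source_ip>203.0.113.5</source_ip><count>340</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><spf><domain>attacker.example</domain><result>pass</result></spf></auth_results>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text):
    """Extract the published policy and one row per source IP from a rua report."""
    root = ET.fromstring(xml_text)
    rows = []
    for rec in root.iter("record"):
        row = rec.find("row")
        pe = row.find("policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "disposition": pe.findtext("disposition"),
            # policy_evaluated holds the *aligned* results, so DMARC passed if either is pass
            "dmarc_pass": "pass" in (pe.findtext("dkim"), pe.findtext("spf")),
            "header_from": rec.findtext("identifiers/header_from"),
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "dkim_domain": rec.findtext("auth_results/dkim/domain"),
        })
    return {
        "reporter": root.findtext("report_metadata/org_name"),
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "rows": rows,
    }


def summarise(report):
    """Totals a manager would want: volume passing, volume failing, and the failing sources."""
    passed = sum(r["count"] for r in report["rows"] if r["dmarc_pass"])
    failed = sum(r["count"] for r in report["rows"] if not r["dmarc_pass"])
    failing_sources = sorted(r["source_ip"] for r in report["rows"] if not r["dmarc_pass"])
    return {"passed": passed, "failed": failed, "failing_sources": failing_sources}


if __name__ == "__main__":
    report = parse_aggregate_report(SAMPLE_REPORT)
    print(report["reporter"], "reporting on", report["domain"], "with p=" + report["policy"])
    for r in report["rows"]:
        print(f'{r["source_ip"]:>15} {r["count"]:>6} pass={r["dmarc_pass"]} disposition={r["disposition"]}')
    print(summarise(report))
```

The second record is the one to watch for in your own reports before moving from p=none to p=reject: a legitimate agency whose mail only passes thanks to DKIM. If that agency were not signing with your domain, tightening the policy would have bounced its 80 messages along with the spoofer's 340.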

Or, you can do what our business does and use Advanced Cyber Solutions, our partners for implementing DMARC-as-a-Service. In our opinion, using a managed service provider has several benefits, including:

  • Setting up DMARC becomes really straightforward.
  • It saves you the time and the headache of interpreting the output.
  • You get a management-ready dashboard with useful and actionable insights.

A sample of what a managed service provider offers.

Is my email domain DMARC-enabled?

By now, you and I can agree that cyber criminals are a deceitful bunch and they will continue to use email and email spoofing as a primary method of attack. As a first step, I urge you to check whether your email domain is using DMARC via the link below. If you are comfortable at a command line, the query "dig +short TXT _dmarc.yourdomain.com" shows the record directly: a record beginning v=DMARC1 means DMARC is published, and p=none means you are only monitoring, not yet blocking. If DMARC is not enabled on your domain, it should be!