It is more than a month since many of us travelled by air. But we can still remember how the security officer stopped us at the gate to check our tickets/boarding passes and compared it with our identification documents. The security officer matches our name in the ticket/boarding pass with our identification documents like driving license or passport. He allowed us if the details matched or stopped us from going inside if the details did not match.

Now take the case of emails. Even though the email provider knows that the incoming email is a spoof email, they still allow it. This email is delivered either in the inbox or in the bulk/junk folder. In this current COVID-19 situation, the number of spoof emails sent increased substantially. Many are falling victims and are losing their previous earnings. Losses due to compromise of the email system or user are high - according to a 2016 report from the FBI, approximately the amount lost to CEO Email Scams is $2.3 billion. The email is the most common vector in over 90% cyber-attacks across the world.

But why are they delivering this spoof email and not rejecting just like what the security officer did? Because there is no such rule written for email.

Email Spoofing is a method where the sender makes it appear that the message originated from someone or somewhere and not from the actual source. It is a popular method used in phishing and spam campaigns because unsuspecting people will open emails, thinking that they came from known or reliable sources.

Organizations can stop spoof emails impersonating as them from reaching their customer’s inbox or junk/bulk folder by enabling DMARC.

What is DMARC?

To fight email spoofing, a group of leading organizations came together to collaborate on a method to combat email spoofing at internet-scale.

The founding contributors included:

·      Receivers: AOL, Comcast, Gmail, Hotmail, Netease, Yahoo! Mail

·      Senders: American Greetings, Bank of America, Facebook, Fidelity, JPMorgan Chase & Co., LinkedIn, PayPal

·      Intermediaries & Vendors: Agari, Cloudmark, ReturnPath, Trusted Domain Project

The primary mission was two-fold:

1. Enable senders to publish easily discoverable policies on unauthenticated email  

2. Enable receivers to provide authentication reporting to senders so that they can improve and monitor their authentication infrastructure

The common goal for the group was to develop an operational specification, with the desire that it would be able to achieve formal standards status. The result was –the creation of an email authentication protocol - Domain-based Message Authentication, Reporting, and Conformance, commonly referred to as DMARC.

The Protocols, Explained

The authentication protocols enable the elimination of email spoofing and the integrity of the email, and its sender is established. To achieve this, DMARC and the following components should be configured.

1.    DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor the protection of the domain from fraudulent email.

2.    Domain Keys Identified Mail (DKIM) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. This is done by giving the email a digital signature.

3.    Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain. With SPF, an organization can publish authorized mail servers.

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)



CISO Breakfast at BlackHat Las Vegas 2024!

  • Description:

    We are thrilled to invite you to the CISO Breakfast at BlackHat 2024. 

    CISOPlatform is a community partner for the event which is co-hosted by Silicon Valley Bank, Stage One, First Rays Venture Partners, Latham & Watkins.


    Event Details: 

    • Date: Thursday, August 8th,…
  • Created by: pritha
  • Tags: blackhat usa, las vegas, ciso breakfast, usa