What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a validation system for email, which allows email spoofing to be detected and prevented.  It provides unprecedented visibility into legitimate and fraudulent mail sent using a company’s domain names.  DMARC is built on top of two existing email standards: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).  While SPF and DKIM do help to identify fake emails, neither protocol provides a report on what messages are being rejected and why.  DMARC solves this problem by removing the guesswork from how the receivers handle failed messages.

DMARC has three settings: monitor; quarantine; and reject, and organizations need to decide how forceful they want to be when handling unauthenticated emails.

When a receiving mail server receives an email, it uses DNS lookup to check for the authentication instructions for that domain and checks the key factors within.  If the email is deemed legitimate, it is delivered. If it fails the checks, the email is considered to be illegitimate, and the receiver follows the sender’s instruction as to how to handle the failure – monitor, quarantine or reject.

Do businesses use DMARC?

Most companies aren’t using technology effectively to combat phishing, and this is contributing to a growing distrust in email. 500+ online businesses were evaluated by the US Federal Trade Commission Office of Technology Research and Investigation (OTech), and while 86% of them use both Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate emails, only one-third employ DMARC to verify whether an email is actually from the domain it claims to be from.  Of the businesses that have implemented DMARC, less than 10% are using the strongest available setting, which instructs the receiving mail server to “reject” unauthenticated messages.

In recent years, the UK’s National Cyber Security Centre has pushed for the adoption of DMARC across the UK government and public sector through the Active Cyber Defense program. The US Department of Homeland Security also followed suit, as have tech giants like Google and Microsoft.  Uptake in the corporate sector, however, has been a slow burn.  Too many companies don’t see the value in protecting their domains, and this gives criminals free rein to a vast amount of domains, which they use as the conduit for sending legitimate-looking emails to trick an unsuspecting member of the public, or someone within your company, leading to compromised security.

DMARC is not difficult to implement. Most businesses already use SPF and DKIM on their mail servers.  Setting up DMARC is a simple as making a few text changes to the mail server and creating a DMARC record, which is saved to the DNS entry for the relevant Domain.

What’s in it for my business?

So, what are the benefits of implementing DMARC?  The main one is that DMARC really works!  As an example, the UK Government, in particular HM Revenue & Customs (HMRC), successfully implemented DMARC on one of the most scammed domains in existence – HMRC.gov.uk. The outcome was mind-boggling, with spoofed emails reduced by half a billion. That’s right – half a billion fake emails were blocked from being delivered.

DMARC has two aspects. It prevents spoofing of your domain, which is great, but the more valuable aspect is that it authenticates your legitimate emails and prioritizes delivery into the recipients’ inbox. If you implement DMARC, it is more likely that your genuine marketing emails will be delivered into the inbox rather than into the Junk Mail folder.  DMARC can make marketing campaigns and genuine emails far more effective, which means a greater Return On Investment (ROI). If marketing emails are delivered, there is a greater chance they’ll be read and this allows a better chance of peaking interest.

Not only was HMRC able to reduce spoofing by half a billion emails, they also improved delivery rates of genuine emails from 18% to 98%, all through the implementation of DMARC. Imagine what a guaranteed email delivery rate of 98% could do for your business.

Adopting DMARC also has a flow-on effect to other areas of your business.  As well as reducing internal fraud, implementing DMARC can also stop fraudulent emails from being delivered to your customers.  By stopping criminals from spoofing your legitimate domain, it lessens the success rate of spear-phishing attacks (where a criminal spoofs a CFO’s email address to send financial transaction instructions to payroll staff). – If someone tries to spoof a domain with DMARC, the email simply won’t be delivered. DMARC also stops criminals from domain-spoofing to send outgoing phishing emails to the masses. Implementing DMARC can preserve your brand equity, eliminate customer support costs related to email fraud, and make email an effective communication method again, which is something that is seriously lacking at the moment.

How Takedown works

FraudWatch International will monitor all DMARC reports on your behalf, taking that resource-intensive process out of your hands. At any time, you will still be able to view all reports within our client DMARC portal. If an email is sent that has ‘spoofed’ your domain, we will investigate the matter to ensure that someone isn’t using your domain without authorization.  The goal of takedown is to either remove, disable, block or secure the email server that was used for spoofing. Once you have approved the takedown, we will contact all parties related to the email server (the email server owner, the host, etc.) and continue the conversation until the goal is reached.

FraudWatch International has a number of clients in the Banking sector who use our DMARC service.  We have assisted these clients with varying levels of takedowns to fit their requirements, as some companies are spoofed more than others.

Once a DMARC record has been successfully created and correctly implemented (involving whitelists), criminals will no longer be able to spoof your domain, and this, in turn, provides greater protection to your customers, employees, and business.

Why choose DMARC with FraudWatch International?

Did you know that FraudWatch International offers a DMARC service, unlike any other security company? DMARC will help your business protect itself from online fraud and greatly improve your detection of spear phishing or phishing campaigns that have been sent out using your legitimate domain as cover. FraudWatch International is uniquely positioned to not only provide monitoring and reporting services for DMARC, as other providers do, but also to offer the added benefit of taking immediate action on offending content. This means that from the moment an item is detected as malicious, our takedown teams can start working on the incident through our other services.

Mitigating speed is a very important part of mitigating the impact on your brand. Receiving information as it happens, as opposed to waiting for one of your clients to inform you, is the key to getting in front of any issues that might arise – both from a public relations and a technical mitigation perspective. Combined with our exceptional relationships with third-party providers and our reputation for excellence and accuracy, FraudWatch International can effect takedowns quickly.

It’s time for you to get on board with DMARC.  Not only can it help in delivering effective communications to your customers, but it does some useful security stuff too.