<

Surveying Anti-Phishing Standards – Part 2

Published on
442 Points
342 Views
1 Endorsement
Last Modified:
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense Magazine.

In our last article, we looked at three different technology standards that combat spam and phishing attacks. If you haven’t read the first installmentof this two-part series yet, check it out now to familiarize yourself with some important terms we’ll use while exploring why these anti-phishing standards aren’t more widely used today.


Sender Policy Framework (SPF) was an open standard created to prevent sender address forgery in email envelope MAIL FROM headers. At around the same time, DomainKeys Identified Mail (DKIM) was developed to authenticate approved mail servers for a domain. Finally, Domain-based Message Authentication, Reporting and Conformance (DMARC) was a solution crafted to tie SPF and DKIM together with added reporting functionality. All three of these technologies are great at helping to stop common forms of phishing. So, why haven’t they reached 100 percent adoption?


As it turns out, SPF and DKIM adoption are actually doing quite well with email senders. According to a 2016 report by Google, 95 percent of non-spam emails received by Gmail users came from senders with SPF records, and nearly 88 percent of non-spam emails employed DKIM signing. DMARC, however, is still struggling to take off. A Federal Trade Commission report earlier this year found that only a third of surveyed companies have published DMARC records and less than 10 percent of that group have configured their DMARC records to reject unauthenticated messages.


The good news is that DMARC adoption has been seeing modest improvements. According to the Online Trust Alliance (OTA), adoption for both DMARC record and rejection/quarantine grown over the past year (from 27.4 percent to 34.3 percent and from 5.8 percent to 14.6 percent, respectively), and that the Internet Retailer and Consumer categories were the lead adopters for both. Unfortunately, organizations in the Federal and ISP categories were the laggards for records adoption, and banks and federal groups were dragging their feet in rejection/quarantine adoption.


So, while there have been humble increases in DMARC adoption, the rates are still low; especially with compliance enforcement enabled. Why might this be? For one thing, it’s common for businesses to start with a DMARC solution configured with a “none” policy while testing, which means they don’t want recipient email servers to take any action against non-compliant messages. Businesses might choose to do this if they use third-party mailer services to send newsletters, since DMARC can cause these messages to be denied if misconfigured. It’s certainly important to test policy changes in phases instead of diving right in at the risk of breaking something critical, like your company’s ability to send email.


Here are three tips that can help you properly set DMARC policies:


  • First, test with a “none” policy.      Mailboxes that support DMARC should still send reports on messages that      fail DKIM and SPF checking. This can help you identify legitimate email      sources from your domain that you may have overlooked.



  • Once you have finished testing your      DMARC record, change the policy to “reject” or “quarantine” to instruct      recipient mailboxes on how to handle spoofed messages from your domain.


Configuration issues aren’t the only obstacle here. DMARC also suffers somewhat from the “chicken or the egg” conundrum. Some companies wonder why they should invest precious resources into testing and deploying DMARC records for their domain when recipient mail servers don’t bother verifying emails against them. It is commendable that DMARC’s adoption rate was 60 percent by mailboxes after just one year, but that percentage has only grown by 10 percent as of 2016 according to a recent report by Return Path. DMARC verification by recipient servers must increase as well, in order to help slow the growing epidemic of spam and phishing.


It is in everyone’s best interest to fully adopt protocol standards like SPF, DKIM and DMARC. While they may take some effort to deploy, the benefits are more than worth it. Preventing spammers from spoofing your company’s domain can help you avoid costly reputation damage and shield your customers from annoying, potentially malicious emails. Enabling DMARC verification on your own mailboxes for incoming messages can also drastically reduce your chances of falling for convincing phishing attacks.

1
Comment

By clicking you agree to the Terms of Use and Privacy Policy.
0 Comments

Featured Post

How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

Join & Write a Comment

Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month