What does DMARC do for Business Email Compromise?

What does DMARC do for Business Email Compromise RiskXchange The leader in Third-Party Cyber Risk Management

Email security is one of the main cybersecurity protection measures that businesses should adopt today in this fast-paced digital age. Spoofing and phishing not only causes loss of data or revenue for the individual concerned but can trickle right through an organisation causing millions of pounds worth of damage. 

Business email compromise (BEC) is the act of enticing the business email user to do something they shouldn’t. Phishing and spoofing are common forms of BEC and since they account for nearly 90 percent of all cyberattacks, there’s no doubt that email security should be the number one priority within any business. 

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is crucial for protecting an organisation’s domain from being used in email spoofing. DMARC itself is an email authentication protocol specifically designed to protect networks against spoofing, which is often used for social engineering attacks – email scams, business email compromise attacks, phishing, spear-phishing emails and cyberattacks. 

What does DMARC entail?

DMARC works by leveraging existing authentication techniques – DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) – and offers guidance and specific reporting guidelines on whether to accept unauthenticated emails. It does this by either sending them to the spam folder or rejecting them altogether.

Once a DMARC record is published in your organisation’s DNS records, an insight is given as to who is sending emails on behalf of their domain. This information is used to determine the authenticity of an email and allows senders and receivers to understand if any fraudulent email is being sent. A DMARC check is now becoming increasingly more common and is supported by most popular email providers.

How do DKIM and SPF work?

For extra added email security, DMARC leverages the authentication techniques of DKIM and SPF.

The SPF checks whether the sending server IP address is authorised by the owner of the domain in the SMTP MAIL FROM command. 

DKIM allows some parts of emails to be cryptographically signed, covering the ‘from’ field. Within the DKIM-Signature mail header, the domain and selector tags specify where in the DNS to retrieve the public key for the signature. A valid signature is proof that the signer is a domain owner and shows that the ‘from’ field hasn’t been modified since the signature was applied. 

Why is DMARC important?

DMARC helps email providers and end-users differentiate between legitimate and illegitimate email messages by providing information about which emails should be delivered to an inbox, which ones go to spam and those that should be rejected. 

Businesses right around the world are susceptible to email spoofing, phishing and other types of social engineering campaigns that represent significant cybersecurity risk. Hence the reason why email security is so important. 

There have been a variety of methods introduced to identify cyber threats through BEC. However, resistance can be found in the following guises:

  • The mechanisms work independently of one another
  • Each receiver makes its own decisions on how to evaluate results
  • The real domain owner will not receive feedback

DMARC can coordinate the above-mentioned methods to enable domain owners to signal that they are:

  • Using email authentication (DKIM and SPF)
  • Supply an email address to gather feedback about emails from their domain
  • Provide a policy to apply to emails that fail authentication (report, quarantine, reject)

DMARC will also allow email receivers to be:

  • Certain the sending domain is using email authentication
  • Evaluate DKIM and SPF along with what the end-user sees in their inbox
  • Determine the domain owner’s preference for emails that fail authentication and provide the domain owner with feedback about emails coming in and out of their domain. 

What are the benefits of DMARC?

Publishing a DMARC record will improve the deliverability of your emails and protect your organisation’s brand and reputation by preventing unauthenticated parties from spoofing your domain. DMARC reports not only increase the visibility of your email security program, by providing information about who is sending emails from your domain, but also help to improve email security across your entire network. 

How RiskXchange can help

RiskXchange’s vision is to help organisations of all sizes manage their enterprise and supply chain security risk exposure, by providing a next-generation real-time security risk rating platform, capable of presenting easy to understand security risk and performance ratings for the board. This includes a complete overview of your organisation’s email security.

RiskXchange provides a powerful AI-assisted, yet simple automated and centralised unique 360-degree security risk rating management approach. We generate objective, quantitative reporting on a company’s security risk and performance, that enables organisations with evolving business requirements, to conduct business securely in today’s open, collaborative, digital world. 

About RiskXchange

RiskXchange is an information security technology company, that helps companies of all sizes fight the threat of cyber threats by providing instant risk ratings for any company across the globe. RiskXchange was founded and is led by recognised experts within the security industry, who have held leading roles within companies such as IBM Security. 

Find out more here.