Secure Your Email With DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email delivery standard that has emerged to improve trust between the senders and recipients of email.
Email is the main mode of communication these days in every sector. SMTP (Simple Mail Transfer Protocol), the protocol used for email communication over the Internet, was developed four decades ago, when the concern was communication and not security. Hence SMTP is susceptible to a wide range of attacks; spear-phishing in particular can be more successful when the sender's e-mail address is altered to impersonate a trustworthy organization or person.
The objective of implementing the DMARC standard is to mitigate the risk of email abuse by helping email senders and receivers work together to better secure emails and to protect users and brands from painful and costly abuse.
DMARC was developed by a group of primary email receivers such as Gmail, Hotmail, Yahoo and others in an effort to restore trust to the email sender/receiver relationship by reducing email threats such as phishing, brand impersonation, and email-delivered malware.
Even though organizations educate their users through many awareness sessions to avoid email fraud, the Verizon Data Breach Investigations Report states that 30% of all phishing e-mail messages were opened by the recipients, with 12% clicking on the content.
DMARC relies on two standards to ensure proper email authentication: SPF, which stands for Sender Policy Framework, and DKIM, which stands for DomainKeys Identified Mail.
SPF is an open standard used for email validation. It is designed to prevent e-mail spam by verifying sender IP addresses, so that address spoofing can be detected. In short, SPF allows domain owners to specify who can send e-mail on behalf of their domain. Mail exchangers use the DNS to check whether an email from a given domain is being sent by a host that has permission to do so: the receiver takes the message's envelope return address from the MAIL FROM field and queries that domain's DNS record for the permitted IP addresses.
DKIM allows an organization to take responsibility for a message that is in transit. The organization is a handler of the message, and trust in the message is evaluated on the basis of that organization's reputation. DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
E-mail receivers apply many different methods to analyze incoming messages, including SPF and DKIM, and DMARC comes into play to coordinate these mechanisms. DMARC does not eliminate the need for additional forms of analysis, but it does provide a way for participating senders and receivers to streamline the process by coordinating their efforts.
The above snapshot shows how DMARC works. Initially, the sender composes an email and sends it to the mail server, which adds a DKIM header to the email and sends it on to the recipient. The validation tests, which check IP blocklists and evaluate the reputation and rate limits of the organization, are performed on the receiving end, where the receiver retrieves the verified DKIM domains and the SPF envelope and then applies the DMARC policy. If the message passes the DMARC policy, the email is considered authenticated. If it fails the DMARC policy, the message can either be quarantined, in which case it is sent to Spam/Junk, or blocked, in which case it is not delivered at all. A final report is sent from the receiver to the sender stating which messages were authenticated and which failed.
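The receiver-side policy step can be illustrated in code. This is an added example, not part of the original article: the record, the domains and the function names are constructed for illustration, and relaxed alignment is simplified to a parent/child suffix test, whereas real receivers compare organizational domains using the Public Suffix List.

```python
# Constructed sample policy, as published in a TXT record at _dmarc.example.com.
SAMPLE_DMARC = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dictionary."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC policy record")
    return tags


def aligned(from_domain, auth_domain, mode):
    """Strict mode ("s") needs an exact match; relaxed ("r") also accepts
    a parent/child pair (simplified: no Public Suffix List lookup)."""
    a, b = from_domain.lower(), auth_domain.lower()
    if a == b:
        return True
    return mode == "r" and (a.endswith("." + b) or b.endswith("." + a))


def dmarc_disposition(record, from_domain, spf_result, spf_domain, dkim_domains):
    """Return "deliver", "quarantine" or "reject" for one message.

    spf_domain is the envelope MAIL FROM domain; dkim_domains holds the
    signing domains of the DKIM signatures that verified successfully.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = any(aligned(from_domain, d, tags.get("adkim", "r")) for d in dkim_domains)
    if spf_ok or dkim_ok:
        return "deliver"  # one aligned pass is enough for DMARC to pass
    # p=none only asks for reports, so a failing message is still delivered;
    # "reject" corresponds to the blocked case in the text above.
    return "deliver" if tags["p"] == "none" else tags["p"]


if __name__ == "__main__":
    print(dmarc_disposition(SAMPLE_DMARC, "example.com", "pass", "example.com", []))
    print(dmarc_disposition(SAMPLE_DMARC, "example.com", "pass", "attacker.test", ["attacker.test"]))
```

The second call shows why SPF or DKIM passing on its own is not enough: the message authenticates for a different domain than the one in the From header, so the published policy is applied.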
Implementing DMARC, in particular, helps in:  
  • Minimizing false positives.
  • Reducing phishing attacks.
  • Detecting misconfigurations, if any.
  • Asserting sender policy at receivers.
  • Providing robust authentication reporting.
  • Working at Internet scale.
  • Minimizing complexity.
  • Publishing a DMARC record protects your brand by preventing unauthenticated parties from sending mail from your domain. 
  • DMARC helps the email community establish a consistent policy for dealing with messages that fail to authenticate. This helps the email ecosystem as a whole become more secure and more trustworthy.
  • Mitigating the risk to your organization by stopping spear-phishing e-mails before they reach your users. 
  • Protecting other organizations by decreasing the risk of them receiving spear-phishing emails that misuse your domains.
  • Being informed in real time of new spear-phishing e-mail campaigns, which may put your organization or your community at risk.
Demerits of DMARC: 
  • It prevents basic attacks but falls short of eliminating advanced attacks such as homoglyph attacks.
  • In cases where a message is spoofed for legitimate reasons, it will fail DMARC and hence the email communication does not happen.
None of these solutions are easy to implement, and none of them are ideal. However, DMARC is a very useful technology for preventing spoofing and is the biggest step forward we have seen in recent years in combating phishing.
Authored By - Suryabhargav R
TCS Cyber Security Practice