Protect your brand. Reduce phishing attacks. Improve email delivery.
When we think of cyber attacks, we often think of email. We’ve all received spam to varying degrees, however bad actors largely rely on phishing or spoofing attacks which can evade standard anti-spam solutions. These messages often aren’t caught by spam filters, and they look like legitimate e-mail. This can lead to damaged reputations, data theft, downtime, and more. How do they do this?
This image shows a report from a domain that is protected by Bound Planet’s EAM service. Spammers send email that spoofs this domain to the tune of nearly 6000 messages per day. The countries are highlighted based on source IP address of the sending system. Prior to implementing Bound Planet’s EAM service, these messages may have been delivered to unsuspecting victims. By fully implementing Bound Planet’s EAM, these spoofed messages are now typically rejected by the receiving server.
Sending an email invokes use of various mail delivery protocols which mail servers use to communicate. In that communication process, the sending server identifies itself, the sender, the recipient(s), and other details such as the subject and message body. Cyber attackers can manipulate that exchange to make mail appear to originate from any source they choose. The email client renders the “From:” field per the cyber attacker’s specification, so a piece of email could appear to be sent from anyone: a CEO, CFO, HR, and others.
It is up to the domain owner to tell the Internet how to handle email it receives from their domain. There are three related email authentication mechanisms that must be configured for each mail source for a particular domain. These are SPF, DKIM, and DMARC. Typically, only SPF may be configured, but not in all cases. Organizations using Google Workspace/Gmail or Microsoft 365 may have DKIM signing enabled and an SPF record, however DMARC will not be configured by default.
SPF (sender policy framework) states that servers receiving a piece of email should check a record published by the sending domain owner which declares servers authorized to send for that domain. The receiving server can then check to see which policy is published and deliver or reject mail accordingly.
DKIM (DomainKeys Identified Mail) states that the sending mail server will sign mail with a signature that the domain owner publishes. When an email is received by a mail server, the signature on the message is checked against what is published by the domain owner. If the signature does not match, the receiving server can reject the message.
DMARC (Domain-based Message Authentication, Reporting and Conformance) takes care of checking differences between SPF, DKIM, and the “From:” field in a message. Messages that fail alignment are rejected. DMARC supports reporting so that receiving servers can identify when an email either passes or fails alignment.
Application to frameworks / compliance
By working with Bound Planet to implement this solution, organizations can satisfy the following requirements:
- CMMC SI.3.219 – Implement email forgery protections.
- CIS v7.1 7.8 – Implement DMARC and Enable Receiver-Side Verification
Assess –> Implement –> Manage
This is where Bound Planet comes in. We assist organizations in fully achieving DMARC compliance to protect against spoofing, brand/reputation damage, and to improve email delivery. We work to identify sending sources and mail volume, configure DNS records and DKIM signing for each source, and finally monitor the implementation going forward. Our Email Authentication Management service makes this easy for your organization.