Articulating DMARC as a key defence against phishing

Mikey Molfessis, Cybersecurity Expert, Mimecast.

A ‘tidal wave’ of cyber attacks is threatening organisations across South Africa, yet a key defence tool, Domain-based Message Authentication, Reporting and Conformance (DMARC), has been slow to gain adoption.

This is according to Mikey Molfessis, cybersecurity expert at Mimecast, who says the DMARC email authentication standard has proven highly effective in helping organisations fight the rising threat of brand exploitation, helping to prevent email phishing attempts and business email compromise attacks.

This has become increasingly important as cybercriminals unleash a growing wave of cyberattacks. In the first 100 days of the pandemic, Mimecast researchers found large increases in several attack types in South Africa, including spam (up 46%), impersonation attacks (up 75%), malware (up 385%) and unsafe clicks by employees (up 97%). During the same period, more than 115 000 COVID-19-related spoof domains designed to steal personal information were taken down.

“DMARC plays a key role in mitigating email phishing attempts that spoof legitimate email domains, but adoption remains low due to its complexity and the fact that the technology and its benefits can be hard to articulate without a cybersecurity background. To get key leadership and stakeholders on board, cybersecurity teams must learn how to clearly communicate DMARC’s importance — especially given the technology’s high efficacy and generally low cost,” Molfessis says.

DMARC is an email authentication policy and reporting protocol. It lets a domain owner detect when someone is sending mail from their domain without authorisation and, if they choose, instruct receiving mail servers to block delivery of unauthenticated email. It builds on the existing SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols by requiring that the domain those protocols authenticate aligns with the domain in the visible From: header, and by adding two things they lack: a published policy telling receivers what to do with mail that fails (none, quarantine or reject) and aggregate reports sent back to the domain owner showing who is sending mail in the domain’s name.

Organisations may suffer lasting brand damage and revenue loss if their customers, partners, employees or suppliers are successfully targeted by cybercriminals. DMARC gives organisations the power to govern their email domains and visibility of the emails being sent on their behalf, including by legitimate third-party services. This allows security teams to quickly discover and halt unauthorised emails sent from their domains, protecting customers, employees, partners and suppliers from exploitation by cybercriminals. It also lets a company instruct receiving mail servers to quarantine or reject its mail when neither the SPF nor the DKIM check passes with a domain aligned to the From: address.

“To use a real-world analogy, imagine an email is a package that needs to be delivered to a recipient at an office park. Upon arrival, there are two security guards checking the delivery person’s credentials independently and simultaneously. The first guard checks the license plate to ensure it matches a verified delivery van. The second guard checks the driver’s identification to ensure the package is coming from the expected delivery person and company. These two checks are likened to inbound SPF and DKIM checks, respectively.

If the license plate checks out and the driver identification matches, the delivery goes through. However, if one or both checks do not align, DMARC comes into play. What if the license plate checks out but the driver identification doesn’t? The guards must check the DMARC policy established by the delivery company to determine what action to take: reject the delivery, quarantine the package, or take no action.”
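The receiver-side logic described above (the SPF and DKIM results, their alignment with the domain in the From: header, and then the published policy’s reject, quarantine or none outcome) as an added worked example in Python. This is illustration code written for this article, not Mimecast’s or any mail server’s implementation. The DMARC records, domains and authentication results are constructed, and the small suffix set stands in for the Public Suffix List that real implementations consult to find the organisational domain.

```python
"""Receiver-side DMARC evaluation (RFC 7489): parse the published record, check
identifier alignment of the SPF and DKIM results against the From: domain, and
return the disposition the record asks for.

Added example for this article, not Mimecast's code.  All domains, records and
authentication results below are constructed for illustration.
"""

# Constructed stand-in for the Public Suffix List that RFC 7489 section 3.2
# relies on to find the organisational domain; deliberately tiny, not complete.
MULTI_LABEL_SUFFIXES = {"co.za", "co.uk", "com.au"}

# Constructed records for the same fictional domain: the first only monitors
# (spoofs are still delivered but reported), the second asks receivers to
# reject unaligned mail and to quarantine unaligned mail from subdomains.
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-rua@example.co.za"
ENFORCE_RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=s; "
                  "rua=mailto:dmarc-rua@example.co.za")


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict and apply RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= must be none, quarantine or reject")
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p=
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")      # relaxed SPF alignment by default
    tags.setdefault("pct", "100")     # sampling percentage; not applied here
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain: the registrable label plus its public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: 's' needs an exact match, 'r' the same organisational domain."""
    if not auth_domain:
        return False
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def evaluate(record: str, header_from: str,
             spf_result: str, spf_domain: str,
             dkim_result: str, dkim_domain: str,
             published_at: str = "") -> dict:
    """Return the DMARC result and disposition for one message.

    spf_domain is the domain SPF authenticated (MAIL FROM or HELO);
    dkim_domain is the d= of a DKIM signature that verified.
    published_at is the domain the record was found at; when it differs from
    the From: domain the record came from the organisational domain and sp=
    applies instead of p=.  Empty means the record is the From: domain's own.
    """
    policy = parse_dmarc(record)
    from_domain = header_from.rsplit("@", 1)[-1].lower()
    spf_aligned = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_aligned = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    passed = spf_aligned or dkim_aligned  # one aligned pass is enough
    if passed:
        disposition = "none"
    elif published_at == "" or published_at.lower() == from_domain:
        disposition = policy["p"]
    else:
        disposition = policy["sp"]
    return {"dmarc": "pass" if passed else "fail", "disposition": disposition,
            "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "report_to": policy.get("rua")}


if __name__ == "__main__":
    # Legitimate mail relayed by a bulk sender: SPF passes for the relay's own
    # domain (not aligned), but the DKIM signature carries the brand's domain.
    print(evaluate(ENFORCE_RECORD, "alerts@example.co.za",
                   "pass", "bounce.bulkmailer.example", "pass", "example.co.za"))
    # Spoof: the attacker's MAIL FROM passes SPF for the attacker's domain, no DKIM.
    for rec in (MONITOR_RECORD, ENFORCE_RECORD):
        print(evaluate(rec, "ceo@example.co.za", "pass", "attacker.example", "none", ""))
```

Two points the example makes that the analogy does not: a single aligned pass (either SPF or DKIM) is enough, so mail relayed through a third party that signs with the brand’s DKIM domain still passes even though SPF points at the relay; and a p=none record blocks nothing, it only produces reports, which is why publishing one is the usual first step before moving to quarantine or reject. The pct= tag, which lets a domain apply the policy to only a fraction of failing mail while ramping up, is parsed but not applied here.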

According to Mimecast's State of Email Security 2021 Report, only 30% of South African respondents were using DMARC. “Amid growing risk, all organisations need to meet their moral obligation to keep customers safe from exploitation by cybercriminals. DMARC is an underused but highly effective tool in the fight against business email compromise, and can help organisations maintain the trust of their customers, partners and suppliers,” says Molfessis.
