Searching...
Monday, 30 July 2012
7/30/2012 09:53:00 pm 0

DMARC: Weapon against Domain and Brand Spoofing



Phishing attack or Email Spoofing is a growing problem for internet users. Phishers send Email messages to internet users that attempt to trick them into disclosing confidential information. Sometimes, these messages turn out to be very dangerous, if the user is not able to identify fraudulent messages and got tricked by the phishers. So, the better way to save users from phishers is to stop these messages before they reach the user mailboxes. DMARC (Domain-based Message Authentication, Reporting & Conformance) is playing a very important role in preventing Phishing attack or Email Spoofing problems.

DMARC specification is based on the two authentication policies:
  • SPF (Sender Policy Framework) 
  • and/or DKIM (Domain Keys Identified Mail) authentication, 
SPF (Sender Policy Framework) authentication checks the IP address sender whether it exists among the list of DNS record of the authorized domain used by the MAIL-FROM address or not. It authenticates the domain found in an [SMTP] MAIL command.

DKIM (Domain Keys Identified Mail) Signatures authenticates the domain name identity that is associated with the email message. This is done by cryptographic authentication. Encrypted key is used to sign the message and a public key is added as a DNS record to the domain indicated in the DKIM signature. A domain-level identifier is added in the content of the "d=" tag of a validated signature.




Before DMARC, there was no hard and fast rule that what ISPs need to do with non-authenticated messages. All non-authenticated emails were not rejected as a result of that many were allowed to reach the inbox.

But now, by using DMARC policy senders instruct Internet Service Providers (ISPs) to handle fraudulent and non-authenticated messages. When a message cannot be authenticated or can be authenticated, but does not pass the DMARC “test” then, email receivers sends a  reports to the sender about the sent messages. ISPs then, deliver messages that can be successfully authenticated and pass the “DMARC test”, other messages are rejected before reaching user mailboxes.

Benefit of using DMARC:
With the use of this policy, non-authorized entity cannot send messages that spoof the company’s main domain. If someone who is not the legitimate owner of the domain“myCompany.com”, will try to  deliver messages from “alerts@myCompany.com” then, the sent messages will be rejected automatically before being delivered to user.

In this way brands are protected from spoofing or phishing as the email messages sent by someone who tried to spoof the company’s main domain will never reach their customers. Thus, DMARC helps companies to fight against the hi-jacking/spoofing of their identity.

0 comments:

Post a comment