In email security, it all starts with the domain: its reputation and its resiliency against attacks (such as DNS spoofing and cache poisoning). Some security measures can, however, form a good barrier.
Email spoofing, a technique used in spam and phishing attacks, remains one of the most prevalent cyberattacks. Each day, 3.1 billion domain spoofing emails are sent. According to a recent Anti-Phishing Working Group (APWG) report on phishing activity, phishing attacks have doubled since early 2020. In September 2021, the group detected 214,345 unique phishing sites. The sectors most victimized by phishing included software-as-a-service and webmail.
Are you implementing the right security measures to deter malicious actors from spoofing your domain and protect your brand from email spoofing? We’re here to provide guidance on how to reduce the threat of becoming a victim of these malicious email campaigns. Here’s how you can improve the security of email recipients and protect your organization’s reputation.
Implement a Sender Policy Framework (SPF)
The SPF protocol helps stop phishing attacks by allowing your company to specify who can send emails on your domain’s behalf. You can add an SPF record to your Domain Name System (DNS), which serves as a public list of senders that have been approved to send emails from your domain. Your SPF record can also have a policy on how to deal with messages from unauthorized IP addresses, such as rejecting, accepting, or flagging these messages as suspicious.
Leverage DomainKeys Identified Mail (DKIM)
When you add a DKIM record to your DNS, you can prevent threat actors from sending messages that appear to be coming from your domain because the protocol allows you to add a digital signature to email messages. With DKIM in place, mailboxes and recipients can cryptographically verify that the message they’ve received is truly from your domain.
Use Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC aligns SPF and DKIM mechanisms to verify the authenticity of an email, addressing the limitations of the protocols. With a DMARC policy, your domain can indicate that email messages sent are protected by SPF and DKIM. When an email passes a DMARC validation, it is delivered. And if it fails, the email can be quarantined or rejected, depending on the receiving email system’s policy.
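As an added illustration (not AnubisNetworks' code or tooling), the sketch below audits SPF and DMARC TXT records for weak settings of the kind described above. The records, the domain example.com, and the function names are constructed for this example, and it goes slightly beyond the text by also checking the RFC 7208 limit of 10 DNS-lookup terms.

```python
import re

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208, 4.6.4
# Constructed sample records for the placeholder domain example.com.
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.vendor.example ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; pct=50"],
}

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain name itself."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    # Strip the qualifier, then cut at ':', '=' or '/' to get the term name.
    names = [re.split(r"[:=/]", t.lstrip("+-~?"))[0] for t in terms]
    findings = []
    if sum(n in LOOKUP_TERMS for n in names) > 10:
        findings.append("more than 10 DNS-lookup terms (permerror)")
    all_term = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if all_term is None and "redirect" not in names:
        findings.append("no 'all' term: unlisted senders get neutral")
    elif all_term in ("all", "+all"):
        findings.append("'+all' authorizes every sender")
    elif all_term == "?all":
        findings.append("'?all' is neutral: unlisted senders are not rejected")
    elif all_term == "~all":
        findings.append("'~all' only soft-fails unlisted senders")
    return findings

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["no DMARC record" if not recs else "multiple DMARC records (ignored)"]
    tags = dict((k.strip().lower(), v.strip()) for k, _, v in
                (part.partition("=") for part in recs[0].split(";")) if k.strip())
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: receivers are not asked to block failures")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applies to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports are requested")
    return findings

def audit_domain(domain, txt=SAMPLE_TXT):
    """Run both audits against a mapping of DNS name to TXT strings."""
    return {"spf": audit_spf(txt.get(domain, [])),
            "dmarc": audit_dmarc(txt.get("_dmarc." + domain, []))}
```

To audit a live domain, replace `SAMPLE_TXT` with TXT answers fetched by your resolver of choice; the parsing logic is unchanged.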
Run regular tests on your domain-related systems
Free tools, such as our anti.phishing tool, can provide you with valuable insights on your domain.
Consider vendor support and third-party senders
Confirm the level of vendor support. Not all service providers implement SPF, DKIM, and DMARC. Check your infrastructure’s hardware, software, and other components to confirm you have adequate support.
When implementing security protocols, you should also consider your third-party senders. Those that have been authorized to send emails on behalf of your domain should be incorporated in your domain’s SPF record. And for those third parties to pass DKIM, they should have a private key to sign messages with. To ensure DMARC enforces SPF and DKIM alignment, you may need to create a designated subdomain and use a CNAME DKIM record.
Assigning dedicated subdomains to your third-party senders may also be a strategy to protect user addresses from being spoofed. With subdomain separation, authorized third-party senders would only be allowed to send messages from specifically allocated subdomains.
Threat actors may impersonate your domain and deliver malicious messages under your name, ruining your reputation. AnubisNetworks helps you stay ahead of these threats with a platform that uses sophisticated mechanisms and technologies, like Anti-fraud, DLP, Anti-spoofing, Sandbox-based Malware Analysis, and AAA analysis, such as DMARC, MTA-STS, DKIM, and SPF.