Email phishing and DMARC, DKIM and SPF tools
What is Email Phishing?
Here is an example of email phishing.
Hi, Dear Marie,
Hope, everything is fine. Today I made some credit card updates. Here is my account number ***, and please transfer my money to this account today.
CEO and Founder of example company.
Would you like your accountant to send your money to another phisher guy by deception? Of course no. So, this is an amazing journey for you to understand the DMARC concept and learn how DMARC implementation can increase your business trust.
What can you to stop email phishing attacks?
You can build DMARC record to stop a phisher guy from stealing your private data, writing on your behalf, or using your personal email address for violation purposes. As well as, DMARC can help you increase your email deliverability and help your emails to reach customer’s inbox. So, be responsible enough to use DMARC policy generator, because business data security is more than important.
If you are a businessman, a bank officer, a chief marketing specialist or an engineer and you’re worried about your data privacy, accounts information security then this article is really useful and helpful for you.
“According to the researches, 34.9% of all spear-phishing email was directed at an organization in the financial industry”. You can check urls at Openphish.
Why is protected email important?
In our age, protected email is important, because it helps you connect with your colleagues, friends or family members in the highest level of security.
There are several benefits of protected or secured emails:
- avoid business risks
- protect confidential information
- nullify message replay possibilities
- avoid identity theft
- repudiate sent messages
Is this issue so widespread?
As stated by Hubspot, 86% of professionals prefer to use email to communicate for business purposes. Other researches show that an Email is the third most influential source of information for B2B customers. There is and interesting research by Themarketinghelpline, you can check it here.
According to Global IT Security Risks Survey of 2014, the typical damage of a breach (including the costs of hiring professional services, increased downtime, and lost business opportunities) was $35,000 for small-to-mid-sized business and $690,000 for enterprises”.
If you want to avoid email phishing then, you will say “I want advanced email protection for my business domain”.
Additionally, DMARC email protection can help increase your domain authority and enhance email deliverability. These are some of the vital benefits of DMARC.
“E-Mail phishing rate is 1 in 1,846”.
What is SMTP?
In 1982, when people discovered the simplest mail transfer protocol they couldn’t anticipate that email phishing will become a global issue for a lot of companies and users, but year by year the number of spam emails started to grow increasingly.
Simple Mail Transfer Protocol or SMTP is designed as a mail transmission system that allows you deliver your message to another person. This simple protocol is responsible for emails transmission. MTA (mail transfer agent) and MUA (mail user agent) are email agents. MTA is an email transportation agent. This simple protocol helps you send and receive emails. MUA is an email client. It allows users to read your messages.
There are lots of Softwares which are responsible for email delivery. Microsoft Outlook, Eudora store your emails on your computer. Others, such as Yahoo and Hotmail store and collect your emails on its mail server. So, SMTP protocol is a simple mail format which allows people to send and receive emails.
According to the researches, 76% of organizations said they experienced phishing attacks in 2017.
The growing numbers of phishing attacks make people dig deep into this problem to find appropriate email protection solution.
DKIM AND SPF protocols
SPF protocol is an address validation tool which can check email address origin. Everybody has its unique, authorized DNS records where he/she can send an email from. DKIM is a component of email authentication which uses an encrypted signature to check the sender’s DNS records in order to verify the source of the mail. I can compare SPF and DKIM protocols with a matching necklace of couples, where a boy wears a key and a girl wears a heart. DKIM is that key, he can open the SPF source.
So, what is DMARC?
DMARC is an email authentication or validation protocol which is based on SPF and DKIM protocols.
In this scene, you can refer to DMARC as a policeman that detects a guy who wants to send an email to David’s accountant. The policeman, who is DMARC, can even send you the reports of failed emails. There you can see both the IP addresses and information about the phisher.
DMARC (Domain-based Message Authentication, Reporting Conformance) helps you control the way people sending another person an email from you by your name. You can generate or configure your DMARC record by EasyDMARC free tools.
If You don’t have any DMARC policy every single person and spambot can send an email on your behalf to another person without letting you know about that. Although DMARC can’t prevent someone from making a phishing attack, it can send reports to you which will let you investigate about phishing fact. In this case, it maintains the conversation between you and a recipient. So DMARC as a policeman always sending a signal about violation act. These fines are called DMARC policies.
DMARC has 3 different types of policies You can apply as your DMARC policy now!
“None” DMARC policy helps you to analyze DMARC reports, but the spoofed emails are still going to the receiver’s inbox, although,
You can choose a “Quarantine” policy if You want to deliver failed email as a junk email or a spam.
“Reject” DMARC policy never ever allows the spoofed emails get delivered.
DNS records keep all information of your IP address and your domain. So it looks like your passport, which belongs to only. Imagine, that there are written your birth date and time, age and other information. DMARC as a policeman is going to check the archives and the documents of a sender to know whether it is a spambot, and a criminal or the owner of the domain. DMARC checker verifies the IP address consistency with a real domain.
What is Email Spoofing and Phishing?
According to Kaspersky Lab, 2016 report “Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc”.
Email phishing is a cyber act of a data theft. Phishers can steal your sensitive datas, username, and password, bank account information, email address to send an email to someone from your email address. The purpose of phishing attack is to pretend to be a person whom you’re in an email communication with. So, a phisher is a person who is good at creating real-looking and spoofed emails.
According to Microsoft’s Justin Rao and Google’s David Reiley, spammers make $200 million per year, while it costs $20 for companies globally.
So, let’s conclude!
The scenario is like this. Imagine, that a phisher guy wants to send an email to David’s accountant. A DKIM’s role is to check David’s IP address and see if private or matches with the private and public key. DKIM and SPF have a healthy and good relationship with each other and they work together as close friends to conquer with the phishers or bots.
If David’s Domain had an SPF record it is less likely that a phisher can send an email from his email address. If the accountant has a DKIM signature it means he can verify active directory domain name.
I have mentioned, that SPF and DKIM protocols are the basis of email authentication but this doesn`t mean that a phisher can’t send a spoofing email or a spam from someones IP address if he/she added SPF and DKIM DNS records. If David uses a DMARC record generator and have his Dmarc record published a phisher guy again can send an email from David to Marie, but this way, David can apply his DMARC policy.
DMARC policies in a nutshell
For example, send it to a Marie but send me the records about it-”NONE” policy.
Send it to Marie’s junk folder and send me the records- “Quarantine” policy.
Never send it to Marie but send me the records- “Reject” policy.
For a lot of Businesses, it is important not only to send email but also to ensure email protection. So, secure email marketing is the best way to gain customers interest, raise business authority, increase email deliverability rate, and stop phishing scams. (For deliverability best practices you can check Sender.net‘s blog ) No one can say he/she doesn’t need a protected email, for email information leakage and not protected email can cause huge and irreversible damages to your company.