DMARC: Why It's Moving from a Best Practice to a Must-Have

It is widely understood that email is the number one threat vector for cyberattacks. This stems from the fact that email (SMTP) was not designed with sender authentication in mind, so cybercriminals do not need highly technical skills to exploit it.

In this blog, we’ll look at how threat actors exploit human vulnerabilities by impersonating people and brands, why DMARC is becoming mandatory, and how Proofpoint can help. 

Are you for real? Looking legitimate to gain trust 

Most cyberattacks today are initiated via email. As a result, many users have started to block or delete emails from unknown sources as a precautionary measure.  

Cybercriminals realise this and have learned that their best chance is to fool the receiver into believing that they are dealing with a known source—ideally, a trusted source. And this is where sender impersonation comes into play.  

Spoofing is a common form of sender impersonation. There are two main types:

  • Domain spoofing. A bad actor forges a trusted domain in the message's sender addresses (the envelope sender and/or the visible "From" header) so the email appears to come from that domain.
  • Header spoofing. An attacker manipulates other header fields, such as the display name, "To", "Reply-To" and similar, so that the message looks like it comes from a different source than its true origin (the attacker), for example by putting a trusted name or a lookalike address in the display name.

Both tactics are designed to make recipients believe that they are interacting with a trusted source and can appear very legitimate. If someone believes they are communicating with a trusted person, they are more likely to divulge sensitive information or perform actions that compromise their security, such as handing over their credentials. 

If an attacker is spoofing your company to target your partners or customers, it can cause significant damage to your brand’s reputation. To prevent this type of brand abuse, some companies have implemented email authentication technology as a “best practice.” But this trend is not as widespread as you might expect. 

An overview of email authentication technology 

To combat domain spoofing, Sender Policy Framework (SPF) was introduced, followed by DomainKeys Identified Mail (DKIM). SPF validates that a message arrives from an IP address the domain owner has approved; DKIM validates that the message was signed by the domain and hasn't been tampered with en route.

A company publishes an SPF record (a DNS TXT record) that lists the sending sources approved to send email on the organisation's behalf, typically as ip4/ip6 ranges and include references to third-party senders. A receiving system does a quick DNS lookup to determine whether the connecting server is authorised. If the sending IP address isn't covered by the SPF record, the message fails SPF. One caveat practitioners should know: SPF is evaluated against the envelope sender (the SMTP MAIL FROM, or Return-Path), not against the "From" header the recipient actually sees.

DKIM goes a step further by using public-key cryptography. The sending system signs selected headers and a hash of the body with a private key and adds the signature as a DKIM-Signature header (with the signing domain in its d= tag and a selector in its s= tag). The receiving system fetches the matching public key from DNS (at selector._domainkey.domain) and verifies the signature, confirming that the message was signed by that domain and that the signed content was not changed after it was sent.

Someone forging a domain in the envelope sender or in a DKIM signature would fail SPF and DKIM for that domain. On their own, however, neither check looks at the "From" header: an attacker can send from their own infrastructure with a passing SPF record and a valid DKIM signature for their own domain while still displaying your domain in "From". DMARC closes that gap. A DMARC record (a TXT record at _dmarc.yourdomain) tells receivers to treat a message as authenticated only if SPF or DKIM passes and the authenticated domain aligns with the "From" domain, and it publishes the policy to apply otherwise (p=none, quarantine or reject) along with addresses for aggregate (rua) and failure (ruf) reports so the domain owner can see who is sending on their behalf.
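The following is an added example, not code from this post or from Proofpoint: a minimal receiver-side DMARC evaluator that shows why SPF and DKIM alone are not enough. It evaluates a simplified SPF record (ip4/ip6/all mechanisms only; no include, a, mx or redirect), treats the DKIM signature as already verified and consumes only its result and d= domain, and approximates the organizational domain as the last two labels (a real implementation consults the Public Suffix List). The DNS records, IP addresses and messages are all constructed for the illustration. The three messages model a legitimate message from a bounce subdomain, an attacker who passes SPF and DKIM for their own domain while spoofing the visible "From", and a direct domain spoof from an unauthorised IP.

```python
"""Added example: simplified DMARC evaluation over SPF and DKIM results.

Assumptions (not a full implementation):
  * SPF: only ip4/ip6/all mechanisms; unknown mechanisms give 'permerror'.
  * Organizational domain = last two labels (real code uses the PSL).
  * DKIM signature verification has already happened; only the result
    and the d= domain are used here.
All DNS records and messages below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed DNS TXT records standing in for a resolver lookup.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "bounce.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "attacker.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=r; adkim=r; rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(mail_from_domain: str, client_ip: str) -> str:
    """Evaluate the envelope-sender domain's SPF record against the connecting IP."""
    record = DNS_TXT.get(mail_from_domain.lower())
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech in ("ip4", "ip6"):
            # Version mismatch (v6 client vs ip4 term) simply does not match.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "all":
            matched = True
        else:
            return "permerror"  # mechanism not supported by this simplified evaluator
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def parse_dmarc(txt: str) -> dict:
    """Parse 'v=DMARC1; p=...; aspf=...; adkim=...' into a tag dict with defaults."""
    tags = {}
    for part in txt.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("aspf", "r")   # relaxed alignment is the default
    tags.setdefault("adkim", "r")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (assumption, no PSL)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Message:
    from_domain: str        # RFC5322.From header domain (what the recipient sees)
    mail_from_domain: str   # RFC5321.MailFrom (envelope) domain that SPF checks
    client_ip: str          # connecting SMTP client address
    dkim_result: str        # 'pass' / 'fail' / 'none' from signature verification
    dkim_domain: str        # d= tag of the verified signature, '' if none


def evaluate_dmarc(msg: Message) -> dict:
    """Return SPF result, DMARC result and the disposition the From domain asked for."""
    spf = check_spf(msg.mail_from_domain, msg.client_ip)
    record_txt = DNS_TXT.get("_dmarc." + msg.from_domain.lower())
    if record_txt is None:
        return {"spf": spf, "dmarc": "none", "disposition": "none"}
    policy = parse_dmarc(record_txt)
    spf_aligned = spf == "pass" and aligned(msg.mail_from_domain, msg.from_domain, policy["aspf"])
    dkim_aligned = msg.dkim_result == "pass" and aligned(msg.dkim_domain, msg.from_domain, policy["adkim"])
    if spf_aligned or dkim_aligned:
        return {"spf": spf, "dmarc": "pass", "disposition": "none"}
    return {"spf": spf, "dmarc": "fail", "disposition": policy["p"]}


# Constructed messages.
LEGIT = Message("example.com", "bounce.example.com", "192.0.2.10", "pass", "example.com")
# Attacker passes SPF and DKIM for attacker.example but displays example.com in From.
SPOOF_OWN_INFRA = Message("example.com", "attacker.example", "198.51.100.7", "pass", "attacker.example")
# Classic domain spoof from an unauthorised IP with no signature.
DIRECT_SPOOF = Message("example.com", "example.com", "203.0.113.5", "none", "")

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("spoof-own-infra", SPOOF_OWN_INFRA), ("direct-spoof", DIRECT_SPOOF)]:
        print(name, evaluate_dmarc(m))
```

The second message is the instructive one: SPF and DKIM both return "pass" for the attacker's own domain, yet DMARC fails because neither authenticated domain aligns with example.com, and the published p=reject tells the receiver what to do with it. With p=none the same message would be delivered and only reported, which is why a DMARC rollout is not finished until the policy is enforced.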

Email authentication is becoming mandatory 

Email authentication tools have been available for years, so you would think that all companies would have implemented them by now. However, some businesses have been slow to act for various reasons, including: 

  • Resource limitations 
  • Budget limitations 
  • Concerns about legitimate email being blocked  

Whatever the cause for the lag in implementing these tools, the delay has allowed cybercriminals to continue to exploit the lack of security to initiate their attacks. 

Major email providers are making moves to force companies to catch up and use email authentication. Some highly publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending email to Gmail, Yahoo and iCloud accounts. Google's and Yahoo's rules, which took effect in February 2024, apply to senders of 5,000 or more messages a day and require SPF and DKIM authentication, a published DMARC policy, alignment with the "From" domain and low spam-complaint rates. This should significantly reduce spam and fraudulent emails hitting their customers' inboxes.

As for companies that process credit cards or store credit card information, they will need to enable email authentication measures, too. Under the anti-phishing requirements in PCI DSS v4.0 (requirement 5.4.1, which calls for mechanisms that detect and protect personnel against phishing), these firms will need to meet a 31 March 2025 deadline for compliance.

Other examples include DMARC requirements in the communication section of HITRUST v11 and mandates for government agencies in the United States (DHS Binding Operational Directive 18-01, which requires federal domains to enforce a DMARC policy of p=reject) and the United Kingdom.

The upshot: if your business has not yet fully implemented DMARC, now is the time to lay out your plan and secure funding.

How can Proofpoint help? 

Proofpoint is an industry leader in email authentication. More Fortune 1000 companies rely on us for DMARC than our next five closest competitors combined. We have the tools, resources and experience to assess your status and help close the gap more effectively than you would if you tackled it on your own. 

Proofpoint Email Fraud Defense provides access to highly experienced consultants who can guide you through each step of your DMARC journey, helping you to meet these new requirements and protect your overall brand reputation. This solution includes Hosted SPF, Hosted DKIM and Hosted DMARC to help you simplify management and streamline implementation.  

Proofpoint Secure Email Relay can help you address transactional emails—messages that may be sent from apps or third-party partners on your behalf. It helps ensure that all those emails are DKIM-signed with your domain, so they align with your DMARC policy, and it can help you reach DMARC alignment faster.

Don’t wait to get started on your DMARC journey. You don’t know what issues you may need to overcome, and you don’t want to risk having critical emails blocked. Reach out to Proofpoint today. We can help you prepare for these new requirements, increase your overall security posture and break the attack chain. 

How to meet new Google/Yahoo email authentication requirements 

Watch our webinar to learn more about how to meet new email authentication requirements, and what you can do to make sure your business is compliant. And if you would like to get an Email Deliverability Assessment to identify gaps, Proofpoint provides this assessment at no cost.