The ubiquity of e-commerce and the rise of the social internet has provided criminals a tremendous financial incentive to compromise user accounts to enable the theft of passwords, bank accounts, credit cards, and more. Illegitimate use of email domains is called spoofing and due to this fundamental flaw within the architecture of email, criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users. Users can’t tell a real message from a fake one. In the diagram below, the fundamental flaw can be identified but only by viewing the email header. The average consumer would see this as Paypal email.
Most organizations have deployed SPF and additionally DKIM in order to provide some level of email security and authenticity. Although they function well, criminals have been able to exploit a major weakness - they do not protect the email address that the user sees in their inbox. DMARC addresses these issues and helps email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.
DMARC implementation is a simple, staged approach that can produce massive benefits.
Our FREE tools and online FAQs and instructional videos can get you started quickly and provide assistance in every step in the journey.
by Con Lokos