With the advent of social media and mobile computing, the number of potential attack vectors has increased dramatically over the last few years. But that doesn’t mean attackers have abandoned an old standby. Spam and phishing attacks sent via email continue to put brands and users at risk. Fortunately, industry efforts to reduce spam and phishing attacks are making headway.
In 2012, leading technology, financial service, media and retail companies founded the DMARC industry group. Their goal was to fight email fraud by helping email senders and receivers work together to better secure emails. This would be achieved via DMARC, or Domain-based Message Authentication, Reporting & Conformance.
DMARC is a technical specification intended to help reduce the potential for email-based abuse by solving long-standing operational, deployment, and reporting issues related to email authentication protocols. DMARC enables email receivers to authenticate legitimate messages and exchange information with email senders about how to handle unauthenticated messages (either monitor, quarantine or delete them).
Featured Download: Social media access at work. Do your employees know the rules?
The DMARC draft specification holds a lot of promise for improving global email health, reducing spam and preventing phishing abuse. In fact, the IETF recently created a working group for DMARC to develop the final standard. However, the solutions available to date to deploy DMARC have been expensive and complex. They’ve also failed to harness the full potential of DMARC as part of an ongoing threat mitigation program.
As the IETF’s work progresses, it is likely that more technology providers will support the draft specification. IT organizations should look for a technology solution that leverages DMARC to determine where phishing attacks are coming from and quickly shut them down. These solutions can also increase visibility over authorized email campaigns and provide accountability for third-party organizations sending email on the company’s behalf.
DMARC has a great potential in reducing fraudulent email, but it also has the potential to be a key component in threat detection and mitigation. When fully deployed, DMARC enables companies to not only reduce fraudulent or spoofed email but also improve threat intelligence around targeted attacks on their brands. Increasingly, we should see technology providers making it simpler and more cost-effective for companies to take advantage of this specification.
About Easy Solutions
Easy Solutions a security vendor focused on the comprehensive detection and prevention of electronic fraud across all devices, channels and clouds. Our products range from fraud intelligence and secure browsing to multi-factor authentication and transaction anomaly detection, offering a one-stop shop for end-to-end fraud protection. The online activities of over 60 million customers at 220 leading financial services companies, security firms, retailers, airlines and other entities in the US and abroad are protected by Easy Solutions Total Fraud Protection® platform.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.