You might recall the ransomware attack that happened at the end of 2022. We were still migrating a new partner away to their own tenant, but the fun was just beginning. There were many emails that appeared to be sent by the CEO and others, but they were spoofed.
The above email was going out as if from the CEO! Of course, it was not the CEO, but who else were this and other similar emails sent to? We do not know. The CEO also wanted to know what needed to be done to prevent this from happening. Is that what you were wondering as well?
Thankfully, we had time to implement some extra layers of security from the beginning. We set up SPF and DKIM along with phishing, malware and URL policies, and we saw many emails being quarantined, emails that appeared to be from employees. We were so glad that we implemented SPF and DKIM because someone appeared to be leveraging the Rackspace environment, sending email from email marketing software using Rackspace IP addresses. This was a problem!
The domain now had DKIM, so the domain was authenticated with a digital signature. This email did not match the signature, so it failed. It was also flagged as malicious due to the .HTM attachment and was quarantined.
Guess what we were lacking in early 2023? We had not decided on the best solution for DMARC so we had no real visibility into where else the emails were going. Now we do! We are excited to add automation so that we gain visibility and a real-time view as the reports appear. Now we can implement tighter SPF policies and harden DMARC so that unauthenticated email is either set to be quarantined or rejected and we will be able to provide the necessary reports to our partners.
What Is SPF (Sender Policy Framework)?
This lets everyone know that the sender is authorized to send email from the domain it is claiming.
It is no wonder email is one of the main tools used by threat actors to take advantage of people. It allows them to get on the inside!
What Is DKIM (DomainKeys Identified Mail)?
This is the stamp or seal showing that the email is authentic and sent from your domain. It also helps to ensure that the content of the email was not modified in transit. You certainly want that? It’s your reputation at stake!
What Is DMARC (Domain-based Message Authentication, Reporting & Conformance)?
The implementation of this allows you to have control over your email domain. Now, we can assist you in monitoring and analyzing emails that are being sent using your domain name. That is huge! You gain insight if your email domain were ever to be used by a threat actor for malicious purposes. At some point, the right policy of quarantine or reject can be implemented to stop the deliverability of emails that are not sent legitimately.
Of course, if you make changes in your senders or have some mass communication that needs to go out immediately, adjustments can be made so they go through. It is just that easy!
Let’s Simplify It!
SPF and DKIM are like proof of ID, similar to asking for 2 forms of identification (ID). DMARC is like the person checking to make sure that they are valid and acceptable. In some cases, certain forms of identification are needed over others. This is like having the different senders listed in the SPF. If the ID does not match, you can set the policy to:
- Monitor only: note what was off and allow the email through. You still get the data to understand what happened.
- Quarantine: instruct that emails failing the ID check be sent to the head of security for examination.
- Reject: the last resort, as any emails failing the ID check are turned away and none are delivered into inboxes.
It’s Time to Come to Grips with Email Security & Secure Your Inbox