One major cybersecurity risk that continues to plague businesses year in and year out is phishing attacks.
Just when a system is put in place to detect them, phishing scammers morph their attacks to try to get around it. For example, when the detection of malicious file attachments by anti-malware programs successfully began blocking a majority of scam emails, attackers switched to including links to malicious websites instead.

Business email is one of the most used applications in an office. Employees will typically spend over a quarter of their day reading and replying to emails. This is why it has continued to be the #1 target for hackers and cause of data breaches, ransomware infections and other cybersecurity incidents.

Phishing attacks are at their highest level now compared to the last three years.

Email spoofing is one of the ploys used in phishing that tricks many users into clicking a dangerous link. This is when an attacker uses another company’s email domain in the “From” line of an email.

For example, a phishing attack may be coming from the hacker’s email domain (xyzhacker.com) but in the From line, it will show to the recipient as something like [email protected].

This trick can be used to make users think that a phishing email is legitimate. They may recognize the email address as that of a software vendor they use which makes them believe that a scam “password reset” request is legitimate.

Email spoofing has become so bad that this year Microsoft increased the security of their platform with spoof intelligence to help combat the problem. 

How can you stop spoofed phishing emails from getting into user inboxes? You can use a method called email authentication.

How Email Authentication Works

Email authentication is a set of three protocols that are set up on an email server. If you use Microsoft 365, then you would set it up there. If you host your own email on your server, then it would be set up in your email administration panel.

What email authentication does is act as a series of “email security gates” that check to make sure an incoming email is actually from the sender stated in the “From” line.

The process involves three protocols:

  • SPF (Sender Policy Framework)
  • DKIM (DomainKeys Identified Mail)
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance)

Each of these is one of those “security gates,” and each plays a different part in the authentication process. All three should be used together for a strong email authentication strategy.

Here is what each of them does to detect and block phishing emails trying to use email spoofing to fool users.

SPF

SPF checks whether the IP address of the mail server that actually delivered the message matches one of the IP addresses that the domain listed in the “From” line has published as approved to send its email.

If the sending IP address is not on that list, the message is flagged as potential email spoofing.

SPF also helps you ensure your legitimate messages are not blocked by someone else’s mail server that is using authentication. For example, if you use a service like Mailchimp, you can list their IP address as one that is authorized to send mail from your domain.
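To make the SPF check concrete, here is an added example (not code from the original post or from Sound Computers) of how a receiving server evaluates an SPF record. The DNS records are constructed stand-ins: example.com is the protected domain and _spf.mailer.example is a hypothetical bulk-mail provider it has authorized through an include: term, the same way the post describes listing a service like Mailchimp. Only ip4/ip6/include/all terms are handled; a/mx/exists terms would need live DNS.

```python
import ipaddress

# Constructed TXT records standing in for real DNS lookups (placeholder domains).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:203.0.113.0/25 ~all",
}

# SPF qualifiers: "+" (default) pass, "-" fail, "~" softfail, "?" neutral.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip, domain, dns=FAKE_DNS_TXT, depth=0):
    """Return the SPF result for sender_ip delivering mail on behalf of domain.

    Terms are evaluated left to right; the first matching term's qualifier wins.
    """
    if depth > 10:
        return "permerror"  # RFC 7208 caps the number of DNS-lookup terms

    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF record published for this domain

    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]

        if term == "all":
            return QUALIFIERS[qualifier]  # catch-all decides the rest

        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            # A mismatched address family (v4 address vs v6 network) is simply False.
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include: matches only if the referenced domain's record yields "pass".
            if check_spf(sender_ip, value, dns, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        # a/mx/exists terms require live DNS and are not handled in this example.

    return "neutral"  # record ended without an "all" term


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.77", "203.0.113.200", "10.0.0.1"):
        print(ip, "->", check_spf(ip, "example.com"))
```

The third address (203.0.113.200) is outside the provider's /25, so the include: term does not match and the record falls through to -all, producing a hard fail; that is what "listing their IP address" buys you, and also why a too-broad provider range quietly widens who may send as your domain.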

DKIM

DKIM takes authentication a step further through the use of two domain keys. One is kept on your mail server and the other is sent along with your email messages. The keys help verify that no one has altered the “From” line of the message between the time it was sent and the time it was received by the receiving mail server.

DKIM also has to be passed in order for the message not to be flagged.
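As an added example (not from the original post or from Sound Computers), the following shows the integrity half of DKIM. Under RFC 6376 the signing server keeps a private key, publishes the matching public key in DNS, and adds a DKIM-Signature header to each message: the bh= tag is a hash of the canonicalized body, and the b= tag is the signature over the listed headers (including From) plus bh=. Verifying b= needs the public key from DNS, so it is out of scope here; this example recomputes bh= on receipt, which is enough to show how a body altered in transit is caught. The domain, selector, and message are constructed placeholders, and the b= value is a stand-in for a real signature.

```python
import base64
import hashlib

# Constructed placeholders; no real DNS records exist for these.
DOMAIN = "example.com"
SELECTOR = "mail2020"


def canonicalize_body_simple(body):
    """'simple' body canonicalization (RFC 6376 section 3.4.3): normalize line
    endings to CRLF, drop every empty line at the end, then end with one CRLF."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while body.endswith("\r\n"):
        body = body[:-2]
    return body + "\r\n"


def body_hash(body):
    """Value of the bh= tag: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canonicalize_body_simple(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_signed_message(body):
    """Construct a message carrying a DKIM-Signature header for the given body.
    b= is a placeholder: the real value is an RSA signature made with the private
    key that never leaves the sending server."""
    headers = [
        "From: support@" + DOMAIN,
        "To: user@example.net",
        "Subject: Password reset",
        "DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=%s; s=%s; "
        "h=from:to:subject; bh=%s; b=PLACEHOLDER_SIGNATURE"
        % (DOMAIN, SELECTOR, body_hash(body)),
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + body


def parse_dkim_signature(value):
    """Parse 'tag=value; tag=value' into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags


def verify_body_hash(message):
    """Recompute bh= from the received body and compare it with the signed value.
    Returns 'none' (no signature), 'unsupported', 'pass', or 'fail' (body altered)."""
    head, _, body = message.partition("\r\n\r\n")
    sig = None
    for line in head.split("\r\n"):  # header folding is not handled in this example
        if line.lower().startswith("dkim-signature:"):
            sig = parse_dkim_signature(line.split(":", 1)[1])
    if sig is None:
        return "none"
    canon = sig.get("c", "simple/simple").split("/")
    body_canon = canon[1] if len(canon) > 1 else "simple"
    if body_canon != "simple":
        return "unsupported"  # only simple body canonicalization is implemented here
    return "pass" if sig.get("bh") == body_hash(body) else "fail"


if __name__ == "__main__":
    original = build_signed_message("Hello,\r\nplease reset your password.\r\n")
    print("original:", verify_body_hash(original))
    tampered = original.replace("reset your password", "reset your password here: http://placeholder.invalid")
    print("tampered:", verify_body_hash(tampered))
```

A receiver that sees bh= mismatch reports the signature as failed regardless of what b= says, which is why a message spoofed or rewritten in transit cannot keep a valid DKIM result without the sender's private key.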

DMARC

DMARC is the third protocol, and it is the one that gives the receiving mail server directions about what to do when a message fails the SPF and DKIM authentication checks.

For example, you might have email that does not pass authentication sent to a Trash or Quarantine folder.

DMARC can also instruct the receiving mail server to report back on all mail that has or has not passed authentication. This lets you see how many spoofed emails may have been blocked.

It can also give you a heads-up if a scammer is trying to spoof your company email address, which allows you to send notices to staff, customers, and vendors warning them that they may receive scam email that is not actually from your company.
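The following is an added example (not code from the original post or from Sound Computers) of how a receiving server applies a DMARC record to the SPF and DKIM results described above, covering both the policy decision and where reports are sent. The DMARC record, domains and results are constructed; in real DNS the record would be a TXT record at _dmarc.example.com. One detail the post does not spell out is alignment: DMARC only counts an SPF or DKIM pass when the domain that passed matches the domain in the “From” line, which is exactly what stops a message from xyzhacker.com passing SPF for its own domain while displaying your company's address.

```python
# Constructed DMARC record for the placeholder domain example.com.
DMARC_RECORD = (
    "v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=r; "
    "rua=mailto:dmarc-reports@example.com"
)


def parse_dmarc_record(txt):
    """Parse 'tag=value; tag=value' into a dict and require the DMARC1 version tag."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = val.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain):
    """Simplified organizational domain: the last two labels. Real receivers
    consult the Public Suffix List to handle cases such as example.co.uk."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r') alignment accepts any subdomain of the same organization;
    strict ('s') alignment requires an exact match with the From domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(from_domain, spf, dkim, record=DMARC_RECORD):
    """spf and dkim are (result, domain) pairs: SPF's domain is the envelope
    MAIL FROM domain it checked, DKIM's is the d= tag of a signature that verified.
    Returns (dmarc_result, disposition) where disposition is the action requested."""
    policy = parse_dmarc_record(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "none"
    # sp= (subdomain policy) applies when the From domain is a subdomain of the
    # organizational domain that published the record; otherwise p= applies.
    if from_domain.lower() != org_domain(from_domain) and "sp" in policy:
        return "fail", policy["sp"]
    return "fail", policy.get("p", "none")


def report_addresses(record=DMARC_RECORD):
    """Destinations (rua=) for aggregate reports of pass/fail volumes per sending IP."""
    rua = parse_dmarc_record(record).get("rua", "")
    return [uri.strip() for uri in rua.split(",") if uri.strip()]


if __name__ == "__main__":
    # A spoof: SPF passes for the attacker's own domain, nothing signed for example.com.
    print(evaluate_dmarc("example.com", ("pass", "xyzhacker.com"), ("none", "")))
    # A bulk-mail provider: SPF domain is theirs, but DKIM is signed with d=example.com.
    print(evaluate_dmarc("example.com", ("pass", "bounce.mailer.example"), ("pass", "example.com")))
    print("reports go to:", report_addresses())
```

The second case shows why DKIM matters for third-party senders: the provider's bounce domain cannot align with your “From” domain under SPF, so the DKIM signature in your domain's name is what lets the message pass DMARC.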

All three protocols working together can help you cut down on potential data breaches due to phishing using email spoofing and help you protect your own company and domain reputation.

Get Email Authentication Set Up on Your Mail Server 

Email authentication is an important tool in the ongoing battle against phishing attacks. Sound Computers can get SPF, DKIM, and DMARC set up for you to ensure your email inboxes are protected.

Contact us today to schedule a free consultation. Call 860-577-8060 or reach us online.

August 3, 2020
Steven Nuhn