Don’t get fooled.
It’s highly likely you’ve heard horror stories about email attacks, the most common being about the head of payroll from a big corporation receiving an email from the CFO—requesting confidential financial information or large sums of money—only to discover the email was actually from a cybercriminal disguised as the CFO. By the time it’s discovered, the data shared has been compromised or money transferred had been lost. While this may sound “old,” it still happens.
Social engineering has become a rising threat to business email. In 2018 losses due to business email compromise scams reached $1.2 billion USD. Spoofing is just one of the “characters” making its appearance. So, what is spoofing exactly? It’s the act of cybercriminals creating emails with forged sender addresses with the hope the recipient of the email believes it originated from a known source, opens the email, and responds by clicking on malicious links or sharing the data (or cash) requested included in the text.
What can you do to help prevent email spoofing?
First, a layered security approach is needed in today’s ever-evolving cyberthreat landscape. Gone are the days when you could just rely on the basics. A powerful email security solution should form part of your security layers, including taking additional steps to set up Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-Based-Message Authentication, Reporting and Conformance (DMARC).
Why use SPF, DKIM, and DMARC?
SPF is used to restrict which mail servers can send email for a specific domain name. This framework is designed to detect and block email spoofing. When signing outgoing messages with DKIM the recipient will be able to verify the respective message is from the sender it claims to be from and that its content has not been modified. When you apply DKIM it reduces the chances of emails being identified as spam and helps discourage others from spoofing your email, especially when combined with SPF. DMARC is an email protocol designed to help prevent email spoofing when used in conjunction with SPF or DKIM.
How do SPF, DKIM, and DMARC work?
SPF’s framework provides a mechanism to allow receiving mail exchangers to verify that incoming mail from a domain comes from an IP address authorized by that domain’s administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records in the form of an SPF record, which is a specially formatted TEXT record.
DKIM adds a special signature to the email headers. This signature contains a hashed value of the content (both important headers and the body). When a server that is checking for DKIM receives an email it will retrieve the public key from the DNS of the sending domain then use the key to decrypt the signature and verify the content.
As mentioned, DMARC is an email protocol that should be used in conjunction with SPF or DKIM. It gives the administrator of the receiving server the ability to act on messages when the criteria are not met. DMARC also provides the tools for senders to monitor the abuse of their domains.
Help prevent spoofing with SolarWinds Mail Assure
SolarWinds® Mail Assure is a cloud-based email security solution with advanced threat protection that guards inbound and outbound email from email-borne threats. Real-time pattern threat recognition leverages a variety of filtering technologies including anti-phishing and impersonation protection. Finally, Mail Assure’s technology supports SPF, DKIM, and DMARC, enabling customers to take every measure possible to help prevent email spoofing and phishing attacks.
To experience how SolarWinds Mail Assure can help protect your inboxes from cyber threats, start a trial today.
Mia Thompson is product marketing manager, Mail Assure, at SolarWinds MSP.