What is DMARC Email Authentication?

Email authentication is not new; however, the concept can be a little difficult to understand, especially given the necessity for domain owners to implement the newest of the three authentication protocols: DMARC, the anti-SPOOF solution.


Let’s start with some key concepts.

KEY CONCEPT 1:

It has taken since 2013 but it has arrived: Anti-SPOOF authentication (DMARC).
The Googles and Microsofts of the world do not want the SPAM and SPOOF plague to continue. Already there has been a 10% drop in SPAM due to a number of things, but mostly due to anti-SPOOF (DMARC) adoption. The US Government has mandated and implemented the solution and others are following.

This means that a cascade effect will take place. You see, the protocol is designed to allow receivers of email to filter or reject unauthenticated email. This protects recipients from SPOOF phishing attacks and business email compromise attacks.

In reverse, it helps the domain owner better control the sources of email that use the domain, and it requests the receiving servers to act in accordance with the instructions given via a DNS entry.
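An added example (not from the original post): the DNS entry is a TXT record published at `_dmarc.<domain>`, and this sketch shows how a receiver reads the requested action from it under RFC 7489. The records are constructed samples for the placeholder domain example.com, and the function names are hypothetical.

```python
# Added example: reading the policy a domain owner publishes in DNS.
ACTIONS = {
    "none": "monitor only, no action requested",
    "quarantine": "filter failing mail as suspicious",
    "reject": "reject failing mail",
}

def is_dmarc(txt):
    """A DMARC record must begin with the version tag v=DMARC1."""
    name, _, value = txt.split(";", 1)[0].partition("=")
    return name.strip().lower() == "v" and value.strip() == "DMARC1"

def parse_tags(txt):
    """Split 'tag=value; tag=value' into a dict (first occurrence wins)."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def dmarc_policy(txt_records):
    """Return (policy, pct) for the TXT records found at _dmarc.<domain>,
    or None when the domain publishes no usable DMARC policy."""
    records = [r for r in txt_records if is_dmarc(r)]
    if len(records) != 1:  # zero or several DMARC records: no policy applies
        return None
    tags = parse_tags(records[0])
    policy = tags.get("p", "").lower()
    if policy not in ACTIONS:
        # Invalid or missing p: treated as "none" only if reports are
        # requested (simplified: the rua URI itself is not validated here).
        if "rua" not in tags:
            return None
        policy = "none"
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100
    return policy, pct

# Constructed sample records, as they would appear at _dmarc.example.com.
SAMPLES = {
    "protected": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "monitoring": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
    "partial": ["v=DMARC1; p=quarantine; pct=25"],
    "spf_only": ["v=spf1 include:_spf.example.com -all"],
    "duplicate": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        result = dmarc_policy(records)
        print(label, result, ACTIONS[result[0]] if result else "no DMARC policy")
```

Only the `protected` sample asks receivers to reject unauthenticated mail; a domain with no record, or with several conflicting ones, gives receivers no instruction at all.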

So once an organisation is compliant, it is logical that they expect the organisations they do business with to do the same. Otherwise you can simply reject unauthenticated email.

KEY CONCEPT 2:

Receiver Vs Sender (from) Vs The Postman (sending agent)
When you send a letter via the post, you put the details of the recipient on the front and often the details of whom the letter is from on the back or inside the envelope. You put the letter in the postbox and Australia Post, Royal Mail or US Mail (whoever) picks up the letter and starts the process of delivering it.

When the letter is finally received by the targeted recipient, how can they actually know for certain that the letter is from the person or organisation that sent it? They cannot. There may be telltale signs such as recognizable handwriting, but you actually don't know unless it was registered post. If it is registered post, you then have some sort of recourse and expect honesty from the postal system.

Well, it has been the same with email, until now.


Zulu eDM is the postman and you are a sender of email. The big difference is that the receiving “postmaster”, in the majority of cases the big web mail providers (Yahoo, Microsoft, AOL, Gmail etc.) and now Governments, is insisting on knowing who the actual sender of the email is.

Instead of using registered post, we call it email authentication. When an email is authenticated using the new anti-SPOOF DMARC protocol, we can guarantee which domain was actually responsible for that email.

That guarantee will then allow the industry to decide if you are a good or bad sender and if your domain should be blocked or allowed to reach the inbox.

The net effect will be that SPAM, SPOOF and PHISHING email can be more easily recognized and then blocked or shut down, and/or the authorities can deal with it.

Goodbye SPAM.

KEY CONCEPT 3:

Winter has arrived
2013 was quite some time ago, approximately when we first learnt of the "winter is coming" storyline on Game of Thrones.

When we first took up the DMARC project and realized the far reach it would have, SPAM volumes had reached 95% of all email.

Since 2016 SPAM volumes have decreased by about 10%. Now that the US Government has gone live (October 15, 2018) and our data shows more DMARC adoption than ever before, we are expecting to see a flurry of SPAM and attacks on the remaining domains before the numbers start to drop again.

On the flip side, if organizations (or domain owners) do not adopt this standard, then they will get less and less email through to target recipients, no matter what type of email.

DMARC / anti-SPOOF authentication has arrived and you must comply to prevent email interruptions.

Here are some tools to analyze your domain and find out more information.

Popular posts from this blog

Australian City Councils fail the ultimate test - protecting their community from crime in this case email

Australian Local Government have failed the ultimate test - protecting their community from crime. In this case crime relating to email.

The crime does not need to be isolated to online scams. It could be a council employee email address faked for criminal gain. 

In May 2018, we conducted research into over 570 local government organisations with the following results. 

Only 1 from over 570 surveyed is protecting their community. Narromine Shire Council has taken the necessary steps to prevent their domain from being used by criminals however no council has implemented an Anti-spoof / Phishing policy on their website. (narromine.nsw.gov.au)

One insurer has even referenced the Ipswich email scam, which was completely avoidable. Ipswich City Council has not taken any steps to implement the protective measures (a link to check).

Only 24/50 councils have started the process but either stopped or are yet to become safe and trustworthy. Willoughby City Council has now started the process.

The pr…

The US S&P 500 Up 7%

As part of the Trusted Sender initiative we will continue to monitor the largest companies on various Stock Exchanges. For the period June - December 2018, the number of US companies that have started the DMARC process is up 7%, from 202 to 235 companies. The increase is most likely due to the US Government going live with their reject policy. 64 companies were found to be protecting us from their domain being SPOOF'ed; however, there is a disturbing lack of Financial Industry organizations in this list, given US banks were the founding organizations for the initial DMARC project.

Five Times Safer - Australian Councils Increase Email Authentication

Whilst the Australian Federal Government lags behind its peers, Australian Local Government has taken up the charge of protecting email users and their constituents by implementing a protected DMARC p=reject policy.
Amongst the 5 now compliant and secured email domains, in May 2018 when surveyed, only 1 of the councils, Narromine City Council, was compliant. Brisbane City Council had started the process and none of the other remaining 5 councils had a DMARC record.
There has also been an increase in Councils beginning the Anti-SPOOF authentication process from 23 councils to 32, a net increase of 39%, but the figure is a long way short of the 537 Councils surveyed.
You can find a list of the councils by visiting our Trusted Sender App.