DMARC authentication protocol

WHITE PAPER

www.SproutIT.co.uk [email protected] +44 (0) 20 70368530 @Sprout_IT Sprout IT

ABOUT SPROUT IT

Sprout IT enable law firms & barristers’ chambers to achieve competitive advantage and peace of mind, through the innovative use of best-of-breed technology, focussed cyber security and resilience, award winning services, and passion for service excellence.

From Document Management Solutions and Fees/Diary software, to email archive, compliance, encryption and security, Sprout IT can plan, implement and support your entire infrastructure.

A self-service DMARC tool that makes securing emails easy

What is DMARC?

In 2011, several of the major global email providers came together in an attempt to put an end to .

Although two email security protocols were already in place at that time, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), neither protocol effectively prevented phishing.

SPF - This protocol verifies emails which are sent from a valid IP address.

DKIM - This protocol verifies emails which have been signed by the domain they were sent from or on behalf of (by using encryption in the header of an email).

While these protocols had been accepted by the major global email providers, a secondary layer was required to block the phishing emails which were being identified by the protocols.

DMARC - In 2015, the Domain-based Messaging, Authentication and Reporting Conformance (DMARC) was ratified to report on these individual protocols, accurately validate emails and block phishing attacks.

Enforcement through an authentication policy

The delivery of emails is handled by DMARC by reference to one of the following three policies, which can be set by the use

p=none – this policy allows all emails to reach the receiver, regardless of whether they have been authorised.

p=quarantine – this policy determines that emails which fail DMARC validation will be sent to the receiver’s junk/spam folder.

p=reject – this policy determines that all unauthorised emails are completely blocked.

How DMARC works

[Figure: DMARC flow. Email is sent. One check verifies if the email is sent from an authorised sender; the other verifies if the email has been signed by the same domain it was sent from. Each check yields authentication identifiers. DMARC aligns the authentication identifiers. The email passes or fails authentication. The recipient receives secure email.]
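The three policies and the alignment step described above, as an added example (not code from Sprout IT or OnDMARC): a receiver-side evaluation run over constructed inputs. The domain names, the two-label organisational-domain shortcut and the function names are assumptions; DNS retrieval and the `pct` and `sp` tags are left out.

```python
# Added example: DMARC evaluation over constructed inputs (no DNS lookups).
POLICY_ACTION = {"none": "deliver", "quarantine": "junk", "reject": "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record such as "v=DMARC1; p=reject" into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in POLICY_ACTION:
        raise ValueError("not a usable DMARC record: %r" % txt)
    return tags

def org_domain(domain):
    """Assumption: the last two labels. Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ("s") needs an exact match; relaxed ("r", the default) compares
    organisational domains, so a subdomain of the From domain still aligns."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return (dmarc_result, disposition) for one message.

    spf_domain is the envelope sender domain SPF checked; dkim_domain is the
    d= domain of the DKIM signature. DMARC passes if either check passed AND
    its domain aligns with the visible From domain."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    return "fail", POLICY_ACTION[tags["p"]]

# Constructed sample records for the placeholder domain yourfirm.example.
REJECT = "v=DMARC1; p=reject; rua=mailto:reports@yourfirm.example"
MONITOR = "v=DMARC1; p=none"

if __name__ == "__main__":
    # Legitimate mail: SPF passes for an aligned bounce subdomain.
    print(evaluate(REJECT, "yourfirm.example", True, "bounce.yourfirm.example", False, ""))
    # Impersonation: SPF and DKIM both pass, but for the sender's own domain,
    # so neither aligns with the From domain and the policy decides the outcome.
    print(evaluate(REJECT, "yourfirm.example", True, "mailer.example", True, "mailer.example"))
    print(evaluate(MONITOR, "yourfirm.example", True, "mailer.example", True, "mailer.example"))
```

The second and third calls differ only in the published policy: the same unaligned message is rejected under p=reject and delivered under p=none.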

Which organisations are already using DMARC?

Adobe Pinterest Amazon AOL Instagram Verizon CNN Yahoo Dropbox PayPal YouTube

DMARC has been widely adopted by most email receivers (including Google, Yahoo and Microsoft), which means that most consumer inboxes are already protected. DMARC already protects 85% of consumer US inboxes and approximately 70% of consumer inboxes worldwide from phishing emails, provided that the organization being impersonated in a phishing email has a published DMARC record.

DMARC provides reports to users showing most, if not all, emails that purport to come from a user’s domain, not just those that cross the organization’s network boundary. This contrasts with traditional cyber security gateway appliances, which only pick up phishing emails that cross the network boundary.

Without DMARC, organisations are therefore not getting a complete picture of the number and scale of attacks against them.

Organisations that are subject to regular suffer considerable reputational damage. Phishing scams often attract negative press, with liability often attributed to the organization which has been impersonated.

Organisations that fail to take the necessary precautions to prevent email spoofing are likely to be considered less trustworthy. Customers may not trust emails which purport to come from such organisations and may be deterred from using email to communicate with them. This can impact those organisations’ ability to communicate effectively with their customers.

Making the case for DMARC

You can check your organisation’s current DMARC set up at www.ondmarc.com, which will provide clear information on the status of DMARC, SPF and DKIM. The site will also indicate whether your inbox and DNS are compatible.

[Figure: two panels. Left: hackers send email phishing attacks to your firm; various cyber security solutions filter inbound email. Right: hackers can impersonate your email address (your-name@yourfirm.com) and send phishing attacks inside and outside your firm; OnDMARC stops impersonation of your email address globally. Labels: Your Firm, Clients, Suppliers.]

OnDMARC is a self-service DMARC tool that makes securing emails easy

Sprout IT's new technology partner, OnDMARC, is a cloud-based application that enables organisations to quickly configure SPF, DKIM and DMARC for all their legitimate email sources and instantly block any email impersonation-based phishing attacks.

OnDMARC is an easy and intuitive way to deploy and maintain DMARC protection across your domains. By analyzing the dense and complex DMARC reports OnDMARC not only gives you insight into what’s happening across your domains but also what to do about it.

OnDMARC’s Dynamic SPF allows you to use only 1 SPF lookup to connect to our system, where you will have unlimited lookups. Not only is this much simpler to manage but it prevents your au the lookup limit of 10 and have your authorized traffic failing SPF authentication.

The three steps to securing your domain with OnDMARC are:

Insight - Your email configuration remains the same and we monitor your email traffic for you so you can easily identify authentic and phishing sources sending using your domain.

Action - You are given bespoke actions to configure SPF and DKIM for your authorised email sources.

Protection - Once you have properly configured SPF and DKIM and have no authorised traffic failing authentication for 7 days, OnDMARC will provide you with your DMARC reject policy to block all unauthorized senders from sending on your behalf. OnDMARC will continue to monitor your domain and alert you when changes need to be made.

How does OnDMARC Work?

[Figure: how OnDMARC works. Labels: You send an email; Unauthorised sender; Checks DMARC, SPF and DKIM records; Sender's organisation's DNS server; Spam; Rejected; OnDMARC reports and suggests actions.]

Get OnDMARC from Sprout IT

Sprout IT is a key channel partner for OnDMARC. Get in touch with us to discuss the best possible OnDMARC implementation option for your business. Call us on +44 (0) 20 7036 8530 and choose Options: 2 or email us here.