Protect your email data with DMARC compliance and other measures
While complying with the Domain-based Message Authentication Reporting and Conformance (DMARC) protocol can help to mitigate certain kinds of cyber threats, DMARC compliance alone is not enough to protect your organization from a broad range of email-borne threats.
What is DMARC? DMARC is a protocol for authenticating that an email sent from an organization's domain is a legitimate message and not fraudulent. The illegitimate use of an organization's domain is a common technique in impersonation attacks, where cyber criminals pose as a trusted source inside an organization and to trick recipients of the email into divulging sensitive information or transferring money to fraudulent accounts. DMARC compliance enables a sender to specify that their messages are protected by DKIM and/or SPF, and lets receivers know what to do if an email isn't in DMARC compliance. Ultimately, DMARC email security prevents anyone except for authorized senders to send an email using an organization's domain.
While DMARC compliance is highly effective at stopping an impersonation attack based on illegitimate use of an actual domain, it does nothing to address email spoofing that uses look-alike domains, display name spoofing, newly registered domains or reply-to mismatches. That's why, when seeking solutions that can help to prevent an email data breach, more organizations today look for multilayered defenses against email fraud.
Achieving DMARC compliance — and more — with Mimecast
To provide organizations with a wider set of tools for email security and information protection, Mimecast offers an all-in-one subscription service for email security, archiving and continuity. Mimecast's SaaS-based offering provides a multilayered approach to email security and a suite of solutions that help reduce the cost and complexity of managing business email.
Mimecast helps to ensure DMARC compliance through the Mimecast Secure Email Gateway. Combining threat intelligence and sophisticated protection engines, Secure Email Gateway performs DNS authentication to check on SPF, DKIM and DMARC compliance. Combined with Mimecast DMARC Analyzer, Mimecast provides visibility that helps to detect and block unauthorized use of an organization's domains to prevent spoofing and impersonation attacks.
More than DMARC compliance — additional solutions to combat email attacks
In addition to helping organizations with DMARC compliance, Mimecast provides comprehensive defenses against other kinds of advanced threats with tools to protect against malicious URLs, weaponized attachments, social engineering and threats from malicious insiders. Additionally, Mimecast provides secure messaging services that enable employees to securely send sensitive information and large files up to 2 GB from their email inbox. Mimecast also offers tools for content control and data loss prevention that can help to identify and block potential leaks, both inadvertent and malicious.
DMARC compliance FAQs
What is DMARC compliance?
DMARC compliance refers to email that is sent in compliance with specifications of the Domain-based Message Authentication, Reporting and Conformance protocol. The DMARC protocol leverages two established authentication standards, Sender Policy Framework (SPF) and the DomainKeys Identified Mail (DKIM), to enable mail servers to determine whether an inbound message from a specific domain is legitimate or not.
DMARC essentially ensures that email is properly authenticating against DKIM and SPF standards, and enables sending organizations to post policies to their DNS record about how to handle messages that don’t authenticate. DMARC also enables receiving mail senders to send aggregate and forensic reports back to senders, providing greater visibility into what messages are not authenticating, and why.
How to achieve DMARC compliance?
DMARC compliance relies on compliance with SPF and DKIM protocols, which is achieved when a message authenticates and aligns. For SPF, this means that the reverse DNS of the sending IP must align with the domain of the visible “from” address. For DKIM, the DKIM signature must be from the same domain as the visible “from” address.
What are the benefits of DMARC compliance?
Improving DMARC compliance provide several advantages for organizations. By enabling receiving mail servers to determine whether inbound messages are legitimate or not, DMARC compliance helps to prevent illegitimate email from a sender’s domain from being involved in cyberattacks. Because DMARC enables reporting on which messages authenticate and why, DMARC compliance also helps to provide greater visibility into who is sending email using an organization’s email domain.
Why is DMARC compliance important?
Email continues to be a primary vector for cyberattacks, with phishing attacks accounting for approximate 90% of data breaches. DMARC compliance helps organizations to prevent attackers from their domains to launch a domain spoofing attack to target other companies or individuals.
Does DMARC compliance prevent spoofing?
DMARC compliance can help to prevent direct domain spoofing, where attackers use the exact domain of a company when sending an illegitimate message. However, DMARC compliance is unable to prevent attacks that use other forms of spoofing, including:
- Look-alike domains, where a domain in an email resembles a legitimate domain name but is spelled slightly differently. Look-alike domains may substitute characters that look similar or they may use characters from other character sets, such as Cyrillic, that look almost identical to the Latin character set used in English and most European languages.
- Newly registered domains, where attackers launch attacks using a domain that has just been registered and that won’t show up on threat intelligence reports about sites that are known to be malicious.
- Display name spoofing, where attackers use a display name that suggests the email comes from a trusted source, but where the actual email address is quite different. This type of attack is especially successful on mobile devices where the display name is frequently the only bit of identification that users see.
- Reply-to mismatches, where emails use a different reply-to address than the one that is displayed in the message.
