Ecommerce company ensures email deliverability and cuts phishing attacks on customers
- Mimecast DMARC Analyzer
- Attackers were spoofing the company’s domains to target customers with phishing emails – damaging their brand
- Legitimate email wasn’t being delivered as multiple ISPs blacklisted the company’s domains
- Limited visibility meant it was difficult to investigate and resolve the domain spoofing problem
- Within a year, all the company’s domains are protected, putting an end to phishing attacks on customers and ensuring legitimate email deliverability
- A DMARC specialist supported the project from start to finish, supplementing the limited internal expertise and saving time
Email is a critical tool for this ecommerce company. It’s the primary way they communicate with customers and drive business, with daily deals being sent via email. As such, the company needed to ensure that all emails they send are successfully delivered to their customers, while malicious email attempting to phish their customers, as well as their own employees, is blocked.
Legitimate emails were blocked and customers were being phished
The problem came to a head when the company was blacklisted by several ISPs, meaning emails could not be delivered. Emails able to get through were being marked as spam. This situation was directly impacting their business. With limited insight into the sources sending email on their behalf, they had no way of combatting these ongoing spoofing attacks. They needed a solution that would give them the visibility into their email channels to identify and stop fraudulent emails while ensuring deliverability of legitimate emails to their customers.
Our company has a database of 850.000 email addresses. We’re sending out millions of emails every month. Before deploying DMARC our domains were spoofed.
Insight and support every step of the way
The customer used Mimecast DMARC Analyzer to collect DMARC reports after publishing the custom monitoring-only DMARC record into their DNS. These reports provided full visibility into all their email channels. To help resolve their challenges, they chose to use the optional Mimecast managed service, where a DMARC deployment specialist actively supports and guides the project. The specialist helped by investigating each sending source and ultimately ensured that each (legitimate) sending source would become DMARC compliant.
Working together with the customer, the Mimecast specialist aligned all SPF and or DKIM checks for their legitimate sending sources. This helped them achieve a near full compliance rate. A particular sending source with forwarding issues was ultimately discovered to be breaking both SPF and DKIM. The decision was made together with the customer to not apply a reject policy for this source, since this would result in the loss of many forwarded legitimate emails. Instead, a quarantine policy with a percentage tag of 100% was used. This way, emails that were initially not delivered at all, would be delivered to the spam folder of the receiver.
The Mimecast DMARC specialist then recommended that the customer create a subdomain for this specific source. That way a reject policy can be applied on the domains of the client and a quarantine policy can be placed on the specific subdomain.
The DMARC deployment specialists really helped us during the Managed Services project. After validating the sources with the Mimecast team we were able to protect all of our domains from being spoofed by deploying a DMARC policy.
Reliable email deliverability and no more phishing
The customer was able to use Mimecast DMARC Analyzer, supported further by their assigned DMARC specialist, to gain full visibility into their email channel. They were then able to authenticate all email with a DKIM signature and protect all their domains with a DMARC enforcement policy. The result? Their email deliverability improved, helping ensure that customers receive their emails into the inboxes. Critically, customers are now protected against phishing attacks spoofing the company’s domains.
Within a year all of our domains were protected.