May 20, 2020 Zachary Kitchen

Stop Spammers from Spoofing Your Email & Stop Blocked Message Problems at the Same Time

It’s no surprise that phishing remains one of the biggest problems that companies face. Phishing attacks are responsible for a majority of data breaches and other cybersecurity incidents that happen around the world.

And things have been getting worse.

Here are a few recent indicators that not only does phishing remain strong, but that it’s becoming even more of a problem:

  • In March, the FBI put out an alert about phishing and COVID-19 fraud schemes
  • In April, a joint alert by US and UK cybersecurity agencies warned of a “large volume” of phishing campaigns
  • Microsoft 365 was recently updated with anti-phishing protections like “spoof intelligence”

And while a company may have excellent managed antivirus protection to safeguard their network from a phishing attack, there is another way they can be impacted.

One of the problems phishing causes for businesses has nothing to do with receiving phishing emails; it has to do with the company’s own email address being used in the “From” line of a phishing campaign.

When a cybercriminal sends out phishing emails, they often want to use a trusted company name in the “From” section of the message. This often tricks the recipient into believing the email is from that company even though it was sent from another email address altogether.

This is called email spoofing, and it can cause two major problems:

  • Recipients believe the company in the “From” line is sending spam and phishing, which can harm the company’s reputation.
  • A company’s legitimate emails can get bounced from mail servers because of increased protections put in place by mail server providers (like Microsoft) against email spoofing.

How do you stop both those problems? 

You can stop this by adopting a three-tiered system of email message authentication using SPF, DKIM, and DMARC.

How SPF/DKIM/DMARC Email Authentication Helps Your Business

When Microsoft beefed up the email spoofing detection in their mail service last month, businesses began to see new problems: their emails never made it to recipients, or their clients’ emails never made it to them.

Why did this happen when they weren’t sending phishing emails or spoofing anyone’s address?

The main reason is the use of cloud services to send emails on behalf of a company, and a company not using proper email authentication.

For example, if you are sending out email through a CRM service like Zendesk, you can designate the email you want shown in the “From” line, such as “support@mycompany.com.” 

But if you haven’t set up your mail server with proper authentication, then the incoming mail server will see that the domain address of the server sending the mail (Zendesk) does not match that of the domain in the “From” line and can mistake it for email spoofing.

What typically happens is that the recipient’s mail server will send the message to a “Junk” or “Quarantine” folder or reject it and not deliver it at all.

This is why the three email authentication steps are important. They’re set up on your mail server or service and embed details in the message to let the incoming mail server know that the message is not phishing or email spoofing.

Here’s how all three work together to protect both your reputation and your mail delivery.

Sender Policy Framework (SPF)

This first authentication protocol gives you the ability to tell the receiving mail server which IP addresses are approved to send messages on behalf of your domain.

This lets the receiving mail server know if a phishing attacker is spoofing your domain address in the message without your permission. It can also let them know that you’ve approved a 3rd party app (like Zendesk, Constant Contact, etc.) to send mail with your domain in the “From” line so it won’t reject it. 

DomainKeys Identified Mail (DKIM)

DKIM goes a bit further with the authentication. It uses two encryption keys, one that travels with the email and one that stays on your mail server. When the message is received, the mail service can check those keys to ensure that the message address or other important details have not been altered.

This is another verification that the server sending the message is approved for that domain address.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC brings everything together and provides important instructions to the receiving mail server.

This protocol checks that both SPF and DKIM have authorized correctly. It tells the mail server what to do if they don’t match (e.g., reject the message). DMARC can also tell the receiving mail server to report back about any messages that have passed or not passed the authentication.

This last step is important because it can instantly alert you if someone is trying to spoof your email address in a phishing attack.
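How a receiver turns SPF and DKIM results into a DMARC decision, as an added example (not code from the original article). It follows the DMARC rule in RFC 7489 that a message passes when either SPF or DKIM passes for a domain aligned with the “From” domain; the record, domain names and the two-label org_domain shortcut are assumptions made for the illustration.

```python
# Constructed DMARC record as it would be published at _dmarc.mycompany.example.
DMARC_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@mycompany.example"


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    if mode == "s":  # strict alignment: exact match required
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)  # relaxed (default)


def dmarc_disposition(from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain, record=DMARC_RECORD):
    """Return (dmarc_result, action) for one message."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(
        spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(
        dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    actions = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return "fail", actions.get(tags.get("p", "none"), "deliver")


if __name__ == "__main__":
    # A cloud service sends as mycompany.example; SPF passes only for its own domain.
    print(dmarc_disposition("mycompany.example", "pass", "bounce.crm.example", "none", ""))
    # Same message, now DKIM-signed with the company's domain.
    print(dmarc_disposition("mycompany.example", "pass", "bounce.crm.example",
                            "pass", "mycompany.example"))
```

The first case is the cloud-service problem described earlier: SPF passes, but for the service's domain rather than the “From” domain, so the message fails DMARC until the service signs with the company's DKIM key or sends from an aligned domain.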

Get Help Setting Up Email Authentication from Digital Crisis

Email restrictions are only going to get stronger to combat phishing attacks. Now is the time to enact email authentication to protect your information flow and reputation.

Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.
