In the State of Email Security, Mimecast reports that email “impersonation attacks increased almost 70 percent in comparison to the results in last year’s report – with 73 percent of those organizations impacted by impersonation attacks having experienced a direct loss, specifically loss of customers (28%), financial loss (29%) and data loss (40%). Phishing attacks were the most prominent type of cyberattack, with 94 percent of respondents having experienced phishing and spear phishing attacks in the previous 12 months, and 55 percent cited seeing an increase in phishing attacks over the same time period.”
With those scary numbers in front of us, it’s no big surprise that successful phishing attacks are negatively affecting brand identity, brand loyalty and email engagement. The domain(s) from which you send your email marketing campaigns as well as your internal and external communications are key in your cumulative online identity. Not only does email connect employees, partners and customers, it is part of your brand and represents your organization to the outside (and inside) world.
Along with making sure your emails to customers, staff and partners are delivered to the intended mailboxes, you also have to ensure that bogus emails appearing to be from your domain do not make it to your audiences.
Domain-based Message Authentication, Reporting and Conformance (DMARC) arrived on the scene in 2012 and quickly became the email authentication industry standard, if not a requirement, for preventing phishing and spoofing attempts—the number one attack vector for nefarious third parties.
Adding SPF, DKIM, and an aggressive DMARC policy to your DNS will reduce the possibility of your domain being abused. Though it isn’t the silver bullet (there isn’t one!), DMARC is a no-brainer for keeping domains and the associated brands safe and sound.
Co-authored by dmarcian’s founder, DMARC is a free and open technical specification that describes how to make email easy to identify. Email senders are given precise directions on how to configure their email. Email receivers use DMARC to verify that email comes from the Internet domain from which it claims to come.
People who operate their own Internet email domain (everything to the right of the “@” sign in an email address) can deploy DMARC. By always sending DMARC compliant email, the operator of the Internet domain can tell the world (including servers) “everything I send is easy to identify using DMARC — feel free to drop fake email that pretends to be me.”
Here’s an example from the Global Cyber Alliance: A major U.S.-based insurance company with a p=reject DMARC policy receives and rejects approximately 60 million fraudulent email messages, keeping them from being delivered. The result is lower risk and better email engagement.
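To make the difference between a monitoring-only record and an enforced `p=reject` policy concrete, here is an added example (not code from this post or from any dmarcian tool) that grades the TXT record a domain publishes at `_dmarc.<domain>`. The function names, level labels and sample records are constructed for illustration, and no DNS lookup is performed.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a DMARC record."""
    tags, first = {}, None
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if not sep:
            continue
        name, value = name.strip(), value.strip()
        first = first or (name, value)
        tags.setdefault(name, value)
    # RFC 7489: v=DMARC1 must be the first tag and match exactly.
    return tags if first == ("v", "DMARC1") else None


def assess(txt):
    """Return (level, findings) for the TXT record published at _dmarc.<domain>."""
    tags = parse_dmarc(txt)
    if tags is None:
        return "missing", ["no valid DMARC record"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid", ["p tag is absent or not none/quarantine/reject"]
    pct = tags.get("pct", "100")
    pct = min(int(pct), 100) if pct.isdigit() else 100
    sp = tags.get("sp", policy).lower()  # subdomains inherit p when sp is absent
    findings = []
    if policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    elif pct < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if policy != "none" and sp == "none":
        findings.append("sp=none: subdomains are not covered by the policy")
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports are requested")
    if policy == "none":
        level = "monitoring"
    elif policy == "reject" and pct == 100 and sp != "none":
        level = "enforced"
    else:
        level = "partial"
    return level, findings


SAMPLES = {  # constructed records for placeholder domains
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "example.net": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.net",
    "example.org": "v=DMARC1; p=none",
    "example.edu": "v=spf1 -all",  # an SPF record, not DMARC
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        level, findings = assess(txt)
        print(f"_dmarc.{domain}: {level}", *findings, sep="\n  - ")
```

Only the first sample reaches the enforced level; the others show the gaps a status check should surface before a domain moves to `p=reject`.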
Here are a few final points to remember:
- Positive brand reputation improves engagement and positive domain reputation improves deliverability.
- DMARC is helping organizations of every size and shape ensure reliability and prevent phishing and domain spoofing.
- The majority of Business Email Compromise (BEC) instances originate with phishing and impersonation attacks.
- Configuring DMARC helps receivers evaluate messages that claim to be from your domain and is a vital step in improving deliverability and brand trust.
- An effective first step in discovering DMARC’s potential is checking the DMARC status of your domain(s).
If you have any questions about DMARC or its relation to deliverability and brand identity, just ask us.