Have you ever wondered why your legitimate emails sent to customers end up going to a spam or a quarantine folder? Did a customer send you something that your own mail program quarantined for some reason?
Incidents like these have been increasing over the last few months because of new anti-phishing and email spoofing protections added to Microsoft 365.
Email spoofing is a common tactic used in phishing attacks. It’s when a phishing attacker uses a company’s email domain in the “From” area of an email, but the email is not actually from that company.
This is done to try to trick a recipient into believing the phishing email is legitimate, meaning they’ll be much more likely to click a malicious link or open a malware attachment.
Over $300 million was lost by companies in 2019 due to email spoofing.
There are two main ways that cybercriminals use spoofing:
- To trick company employees into believing a phishing email is from someone within their organization
- To trick employees at companies that do business with the spoofed company into believing it’s a legitimate email
An example of this would be a phishing campaign that targets customers of a web hosting company. The email could warn that service would be cut off unless they click a link to sign in and take some type of action.
If the user wasn’t looking at the email closely, they would see the “From” address as one from a trusted source (their web host) and may end up entering their login details into a form designed to steal them, after which the attacker could release malware onto the server.
How Does Email Spoofing Hurt Businesses?
There are three distinct ways that having your company’s email domain spoofed can cost you money and hurt your business.
Customers Blame Your Company for an Attack
If one of your customers suffers a data breach due to a phishing attack that spoofed your email address, they may think you’re too risky to do business with, even though you had nothing to do with the attack.
You Suffer a Cybersecurity Incident
If just one of your employees is fooled by a phishing campaign spoofing your company’s email, it can mean a data breach or ransomware infection, costing you significantly.
Productivity Suffers Due to Email Delivery Problems
The security protections that email providers like Microsoft and others have added to combat the growing problem of email spoofing can mean your own emails aren’t delivered.
If you haven’t properly set up email authentication, then emails that are sent on your behalf by programs like MailChimp or Salesforce can get caught in a spoofing filter because they’re not originating from your mail server.
How to Protect Your Domain from Email Spoofing with SPF/DKIM/DMARC
Email spoofing used to be one of those tactics that wasn’t picked up by standard anti-phishing software, which is why email providers have pushed to find ways to catch it and protect users from phishing attacks.
They do this largely by using software that looks for a mismatch between the IP addresses a domain has authorized to send its mail and the IP address of the server that actually delivered the message.
Email authentication is the proper way to tell the receiving mail server that email sent from your domain is legitimate, so it won’t be blocked by a spoofing filter. If you deploy it correctly, you can also ensure that your own users won’t become victims of email spoofing and that you’ll know if someone is trying to spoof your domain.
There are three protocols that are used together to perform the authentication. These are all set up for your mail server or the service that sends your mail (e.g. Microsoft 365).
Sender Policy Framework (SPF)
SPF is the first protocol. It lets the receiving mail server check whether the IP address that actually sent the message is one that is approved to send email for your domain.
When you use SPF to publish the IP addresses approved to send mail for your domain, you can stop email from MailChimp and other third-party services from getting blocked.
DomainKeys Identified Mail (DKIM)
DKIM adds the next layer. Beyond the IP address check, it lets the receiving server verify that the message hasn’t been altered during transmission.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC is the third protocol that ties the other two together and can provide you with important details on what’s happening with your email domain.
- Confirms whether or not both SPF and DKIM have passed authentication
- Tells the receiving mail server what to do with unauthenticated email (e.g. send it to the “trash” or quarantine folder)
- Instructs the receiving mail server to send confirmation back about any messages that have or have not passed authentication
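To make the interplay of the three records concrete, here is a small Python model of how a receiving mail server combines them. This is an added example, not code or tooling from C Solutions: the domains, IP addresses and TXT records are constructed placeholders on reserved documentation ranges, a dictionary stands in for DNS so it runs offline, and the DKIM signature verification itself is assumed to have already been done by the receiver, with its result passed in. It covers the cases the text describes: your own server, a third-party mailer you have authorized with an SPF include, a third-party mailer you have not, a spoofed message, and a domain with no DMARC record.

```python
"""Toy SPF + DMARC evaluator (added example; not C Solutions' code).

DNS_TXT holds constructed placeholder records; a real receiver queries DNS.
"""
import ipaddress

# Constructed sample TXT records (placeholders, not any real domain's records).
DNS_TXT = {
    # Our domain authorizes its own mail server range plus a third-party
    # mailer's published SPF record via "include:" (the MailChimp-style case).
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 -all",
    # The mailer's own domain, used when it sends with its own MAIL FROM.
    "mailer.example": "v=spf1 ip4:198.51.100.10 -all",
    # DMARC: quarantine failures, relaxed alignment, send aggregate reports.
    "_dmarc.example.com": (
        "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com; "
        "adkim=r; aspf=r"
    ),
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name):
    """Stand-in for a DNS TXT lookup."""
    return DNS_TXT.get(name.lower())


def spf_check(domain, sender_ip, depth=0):
    """Evaluate the domain's SPF record against the connecting IP.

    Supports ip4/ip6/include/all, which covers the common case; the
    a/mx/exists/redirect mechanisms are omitted for brevity.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying terms; treat overflow as an error
        return "permerror"
    record = lookup_txt(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
        elif term.startswith("include:"):
            if spf_check(term[len("include:"):], sender_ip, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        elif term == "all":
            return QUALIFIERS[qualifier]
    return "neutral"


def parse_dmarc(from_domain):
    """Parse the _dmarc TXT record into a tag dict, or None if absent/invalid."""
    record = lookup_txt("_dmarc." + from_domain)
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags


def org_domain(domain):
    """Organizational domain, simplified to the last two labels.

    Real implementations consult the Public Suffix List (e.g. for co.uk).
    """
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(from_domain, mail_from_domain, sender_ip, dkim_result, dkim_domain):
    """Combine SPF and DKIM the way a DMARC-aware receiver does.

    dkim_result and dkim_domain are assumed already computed by the receiver's
    DKIM signature verification; the cryptography is out of scope here.
    """
    spf = spf_check(mail_from_domain, sender_ip)
    policy = parse_dmarc(from_domain)
    if policy is None:  # no DMARC record: nothing to enforce, nobody to report to
        return {"spf": spf, "dmarc": "none", "action": "none", "report_to": None}
    spf_aligned = spf == "pass" and aligned(mail_from_domain, from_domain, policy.get("aspf", "r"))
    dkim_aligned = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy.get("adkim", "r"))
    passed = spf_aligned or dkim_aligned  # DMARC passes if either aligned check passes
    return {
        "spf": spf,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc": "pass" if passed else "fail",
        "action": "none" if passed else policy["p"],
        "report_to": policy.get("rua"),
    }


if __name__ == "__main__":
    # Legitimate mail from our own server range.
    print(dmarc_evaluate("example.com", "example.com", "203.0.113.5", "pass", "example.com"))
    # Spoof: unknown server, no valid DKIM signature for our domain.
    print(dmarc_evaluate("example.com", "example.com", "192.0.2.77", "fail", ""))
```

The "mailer.example" case is the one that trips people up in practice: the third party's SPF passes for its own domain, but because that domain is not aligned with the "From" domain, DMARC only passes if the mailer also DKIM-signs with your domain's key (or you add its servers to your own SPF record via include).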
Have Email Authentication Set Up Today!
Anti-phishing filters are only going to get stronger. Ensure your email is delivered and protect yourself by working with C Solutions to have SPF/DKIM/DMARC put in place for your email.
Schedule a free technology consultation today! Call 407-536-8381 or reach us online.