3 Mar 17

FTC Study Released Regarding DMARC

Press release from Federal Trade Commission, March 3rd 2017

"In a study released today, the Federal Trade Commission’s Office of Technology Research and Investigation (OTech) reports that most major online businesses are using proper email authentication technology to prevent phishing emails, but few of these businesses are taking full advantage of the latest technologies to combat phishing.

Phishing is a type of online scam that targets consumers by sending them an e-mail that appears to be from a well-known source such as an internet service provider, a bank, or a mortgage company. It asks the consumer to provide personal identifying information, and then the scammer uses the information to open new accounts or invade the consumer’s existing accounts.

Specifically, the OTech study found that 86 percent of major online businesses it studied are using Sender Policy Framework (SPF), an email authentication technology that enables Internet Service Providers to determine whether messages that claim to be from the businesses’ email addresses actually come from the businesses. Fewer than 10 percent of the businesses, however, have implemented a supplemental technology known as Domain Message Authentication Reporting & Conformance (DMARC) in a manner which would allow the businesses to receive intelligence on potential spoofing attempts and to instruct ISPs to automatically reject any unauthenticated messages that claimed to be from the businesses’ email addresses.  By using DMARC to instruct receiving ISPs to reject unauthenticated messages, online businesses could further combat phishing by keeping these scam emails from showing up in consumers’ inboxes.

For a full analysis of the staff’s findings, and to learn about its methodology, read the entire Staff Perspective or watch this video."

Courtesy of the Federal Trade Commission 

14 Feb 17

Expansion of DMARC is Now Critical

DMARC reaches critical need
Press Release Reposted with Permission from The Global Cyber Alliance

Expansion of DMARC Critical to Reducing Spread of Malicious Emails


Global Cyber Alliance Calls on Leading Cyber Companies 
To Improve Email Protections

SAN FRANCISCO, February 14, 2017 – There is a fix that can prevent a great amount of email-borne attacks on consumers and businesses. Unfortunately, the vast majority of public and private organizations globally, including leading cyber security companies, have not deployed DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent spammers and phishers from using an organization’s name to conduct cyber attacks, according to new research from the Global Cyber Alliance (GCA).

DMARC provides insight into any attempts to spam, phish or spear-phish using an organization’s brand or name. DMARC is supported by 85 percent of consumer email inboxes in the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 2.5 billion email inboxes worldwide. However, DMARC adoption rates among enterprises and government remain low.

The UK Government’s guidance for government agencies directs them to implement DMARC but as of December 2016 only five percent of UK public sector domains had done so. A mere 16 percent of the healthcare sector has adopted DMARC.

The latest research from GCA, an international cross-sector organization dedicated to confronting systemic cyber risk, finds that adoption remains low in the cyber security industry as well.

Only 15 percent of the 587 email domains (that were scanned) for companies exhibiting at the RSA Conference -- one of the world’s largest gatherings of cyber security experts -- use DMARC. Of the 90 RSA exhibiting organizations that do use DMARC, more than 66 percent use the DMARC policy of “none,” which only monitors for email domains, greatly reducing the effectiveness of DMARC.

It is time for the cyber security industry to lead the charge and push for DMARC use across the globe. GCA strongly advocates that organizations implement DMARC and has developed a free DMARC Setup Guide to make DMARC implementation easier (https://dmarc.globalcyberalliance.org/).

The value of correctly implementing DMARC is clear as studies[iii] have shown that organizations that use DMARC correctly receive just 23 percent of the email threats that those who do not use DMARC.

“As world leaders in cyber security, we can do better. DMARC protects brands and preserves consumer confidence.  While no security effort is cost-free, clear guidance and tools, such as the GCA DMARC Setup Guide, make DMARC implementation practical, and the benefits are considerable. DMARC is one of the cyber security protocols that can broadly reduce risk, and the more it is implemented, the more protection it offers for everyone,” said Philip Reitinger, President and CEO of GCA. “I’m placing a stake in the ground and calling on the cyber security industry to lead the adoption of DMARC, with a goal that 50 percent of the companies that exhibit at the 2018 RSA Conference implement DMARC prior to the conference, and that 90 percent implement prior to the 2019 RSA Conference. Working together the cyber security industry can be a role model and make a difference.”

About The Global Cyber Alliance

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to confronting cyber risk and improving our connected world. It is a catalyst to bring communities of interest and affiliations together in an environment that sparks innovation with concrete, measurable achievements. While most efforts at addressing cyber risk have been industry, sector, or geographically specific, GCA partners across borders and sectors. GCA’s mantra “Do Something. Measure It.” is a direct reflection of its mission to eradicate systemic cyber risks.

GCA, a 501(c)3, was founded in September 2015 by the Manhattan District Attorney’s Office, the City of London Police and the Center for Internet Security. Learn more at www.globalcyberalliance.org.

 

[i] https://www.gov.uk/guidance/set-up-government-email-services-securely

[ii] https://www.ncsc.gov.uk/blog-post/making-email-mean-something-again

[iii] https://www.helpnetsecurity.com/2017/02/01/phishing-display-name-spoofs/

 

6 Feb 17

Sub-domain Abuse Goes Mainstream

 

Last week, LinkedIn was the target of a massive, global cyber attack.

The attack came in the form of phishing that looks almost exactly like real LinkedIn address confirmation emails. Only two things differed:

9 Jan 17

Subdomain Management Changes

As many of you may have noticed, there have recently been some changes to the UI regarding subdomains. After talking with people about how subdomains were being used and abused across the internet, we decided to spend some time rethinking how dmarcian processes, sorts and displays subdomains. These new changes allow our system to handle large quantities of subdomains more efficiently and accurately.


23 Jun 16

What is "External Destination Verification"?

A domain's DMARC record can tell the world to send DMARC reports to a different domain. For example, the domain example.org might have a DMARC record of:

v=DMARC1; p=none; rua=mailto:dmarc_reports@sample.net

This DMARC record tells people to send reports regarding example.org to the email address of "dmarc_reports@sample.net". Before reports are sent, sample.net must tell the world that it is OK to send example.org's reports to sample.net. It does so by publishing a DNS TXT record at example.org._report._dmarc.sample.net whose content is "v=DMARC1". Report senders look that record up before sending; if it is missing, reports will not be sent to sample.net.

Allowing "external" domains to accept DMARC reports is called "External Destination Verification".

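The check described above, written out as an added example (this is not dmarcian's code). It parses a domain's DMARC record, picks out every mailto: report address, decides which destinations are external, and then looks for the verification record that RFC 7489 requires at <policy-domain>._report._dmarc.<destination-host>. DNS lookups are replaced by a constructed in-memory table so the example runs offline; the "same organization" test is a simple suffix comparison (an assumption standing in for a Public Suffix List lookup), and the domain names are the ones used in the post.

```python
"""Added example: External Destination Verification for DMARC report URIs.

Not dmarcian's code. DNS is simulated with a dict (constructed data) so that the
logic can be exercised offline; replace lookup_txt() with a real resolver to use it.
"""
import re
from typing import Dict, List, Tuple

# Constructed TXT records standing in for real DNS answers.
FAKE_DNS: Dict[str, List[str]] = {
    "_dmarc.example.org": [
        "v=DMARC1; p=none; rua=mailto:dmarc_reports@sample.net, mailto:agg@example.org"
    ],
    # sample.net consents to receive example.org's reports (RFC 7489 section 7.1).
    "example.org._report._dmarc.sample.net": ["v=DMARC1"],
    # Note: there is deliberately no example.org._report._dmarc.other.net entry.
}


def lookup_txt(name: str, dns: Dict[str, List[str]] = FAKE_DNS) -> List[str]:
    """Return the TXT strings published at `name` (case-insensitive lookup)."""
    return dns.get(name.lower().rstrip("."), [])


def parse_tags(record: str) -> Dict[str, str]:
    """Split a 'tag=value; tag=value' DMARC-style record into a dict."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def report_destinations(rua_value: str) -> List[Tuple[str, str]]:
    """Return (uri, destination host) for each mailto: URI in an rua/ruf tag.

    Handles the optional '!size' suffix, e.g. mailto:a@b.example!10m.
    """
    found = []
    for uri in rua_value.split(","):
        uri = uri.strip()
        match = re.match(r"mailto:[^@!]+@([^!]+)(?:!.*)?$", uri, re.IGNORECASE)
        if match:
            found.append((uri, match.group(1).lower().rstrip(".")))
    return found


def is_external(policy_domain: str, dest_host: str) -> bool:
    """True when the destination is outside the policy domain's organization.

    Assumption: 'same organization' is approximated by an exact match or a
    parent/child relationship; a real implementation consults the Public Suffix List.
    """
    pd = policy_domain.lower().rstrip(".")
    dh = dest_host.lower().rstrip(".")
    return not (dh == pd or dh.endswith("." + pd) or pd.endswith("." + dh))


def verification_name(policy_domain: str, dest_host: str) -> str:
    """Name of the TXT record the destination must publish to accept reports."""
    return f"{policy_domain.lower()}._report._dmarc.{dest_host.lower()}"


def verify_external(policy_domain: str, dest_host: str,
                    dns: Dict[str, List[str]] = FAKE_DNS) -> bool:
    """Positive only if exactly one TXT record exists and carries v=DMARC1."""
    records = lookup_txt(verification_name(policy_domain, dest_host), dns)
    if len(records) != 1:
        return False
    return parse_tags(records[0]).get("v") == "DMARC1"


def check_report_destinations(policy_domain: str,
                              dns: Dict[str, List[str]] = FAKE_DNS) -> Dict[str, str]:
    """Map each rua URI of `policy_domain` to 'internal', 'verified' or 'unverified'."""
    records = lookup_txt(f"_dmarc.{policy_domain}", dns)
    if len(records) != 1:
        raise ValueError(f"expected exactly one DMARC record for {policy_domain}")
    tags = parse_tags(records[0])
    status: Dict[str, str] = {}
    for uri, host in report_destinations(tags.get("rua", "")):
        if not is_external(policy_domain, host):
            status[uri] = "internal"
        else:
            status[uri] = "verified" if verify_external(policy_domain, host, dns) else "unverified"
    return status


if __name__ == "__main__":
    for uri, state in check_report_destinations("example.org").items():
        print(f"{uri}: {state}")
```

Only the "verified" and "internal" destinations would actually receive aggregate reports; an "unverified" one is silently skipped by report senders, which is the usual reason a newly delegated report mailbox stays empty.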

19 May 16

Explanation of CSV columns in data exports

dmarcian users can export Detail Viewer data via CSV.  When doing so, the CSV will contain the following columns:

5 Feb 16

Office Hours


Tim Draegen will be at M3AAWG in San Francisco - 2/16 thru 2/18 - See you There!!


Please join dmarcian during our next Office Hours:

Thursday, 14 April 2016

1PM EST (UTC-5)

Go to: https://www.uberconference.com/dmarcian

or call 828-385-4949 . No PIN needed.

If this is your first time with UberConference, run this test


Here's some of the work we've been doing to make DMARC easier for you:

New Feature -

Check out the new Source Viewer tool to view all DMARC capable sources who send on behalf of your domains. The goal is to move DMARC compliance for each toward 100%.

New Article -
SMTP Relay for Third Party Sender DMARC Compliance

Updated pages -
Training
Deployment Services
Space Library Table of Contents



7 Dec 15

We're very pleased to release a bunch of short videos (9 of them!) that walk through various aspects of DMARC.  These videos draw upon the best of our training courses, are freely available, and can be viewed at your leisure.

These videos stand by themselves and should be accessible even to the less technically inclined among us.  If you've got an hour and you'd like to become an expert in DMARC, view them in order and then let us know how you feel!

  1. DMARC - Overview
  2. DMARC - How It Works
  3. DMARC - Benefits
  4. DMARC - Return on Investment
  5. DMARC - Deployment Process
  6. SMTP Overview
  7. SPF Overview
  8. DKIM Overview
  9. DMARC - Technical Overview

One day we might even make some animations out of these, but one thing at a time..