If you’re reading this, you’re probably familiar with DMARC reports. Or at least Aggregate Reports (RUA) which you receive when you implement DMARC. Aggregate reports are sent on a daily basis and contain incredibly useful info about emails sent from your domain that failed DMARC, SPF or DKIM authentication. You can see senders’ IP addresses, the number of emails and what day they were sent on, and lots more fun stuff. Check out our in-depth look at DMARC aggregate reports here.

But there’s another kind of report you might not have heard of, the less popular cousin of aggregate reports, so to speak. I’m talking about DMARC Forensic Reports (RUF), also known as Failure Reports. Although these serve, for the most part, the same role as aggregate reports, they’re very different in a lot of ways. Let me show you what I mean.

What Even Are Forensic Reports?

The best way to talk about RUF is to understand how they’re different from RUA. Aggregate reporting is meant to give you a general overview of the status of email in your domain, so you understand which of your emails and how many of them are having issues getting authenticated, as well as sending sources that may or may not be authorized.

Forensic reports do pretty much the same thing, but kicked into overdrive. Instead of sending a daily report with a summary of all emails that have authentication problems, forensic reports are sent for each individual email that fails DMARC validation. They function almost like a notification, and only contain details specific to that one email that caused the issue.

This goes way beyond the amount of information an aggregate report provides, and can greatly improve your chances of pinpointing the source of the problem as early and as accurately as possible. Learn more about forensic reports by clicking here.

Why Don’t Many Receivers Support Forensic Reports?

Many receiving servers don’t support sending forensic reports to the domain owner, which means that even if you have RUF enabled, you might not receive reports for all emails that fail authentication. There’s an important reasons for this:

Privacy concerns

Although forensic reports usually filter out almost all personally identifiable information from the email, some data like the email subject or recipient email address , which if revealed could be a breach of user privacy. Many email receivers are extremely exacting in what kinds of information from the email can be displayed in a report.

For more information regarding privacy with DMARC, check out our full breakdown on how PowerDMARC protects user privacy.

But that isn’t to say forensic reports aren’t an important resource for your email security strategy. With the amount of granular data they provide, they can offer incredible insight into what’s going on with your unauthenticated mail.

Why Does Forensic Report Data Matter?

While it might seem like forensic reports aren’t such a good idea after all, you’d be surprised at how useful they can be to help you figure out what’s going wrong with your emails. After all, the more data you have, the more accurately you’ll be able to diagnose the problem.

Forensic reports contain highly detailed information about the relevant email, including:

  • recipient email address
  • SPF and DKIM authentication results
  • time email was received
  • DKIM signature
  • email subject
  • email headers, including custom headers
  • host that sent the email
  • email message ID

All of these data points are like pieces of a puzzle, and by putting them together, you’ll be in a far better position to confidently determine the exact source of your email delivery issues. They offer an unprecedented amount of visibility into exactly who is threatening to compromise your domain, giving you a wealth of data to work with. The more data you have on your sending sources, especially malicious ones, the more capable your organization will be to take action against them by pinpointing the abusive IP and having it taken down or blacklisted.

PowerDMARC supports DMARC Forensic Reporting, where you can generate PDF reports on demand, as well as advanced privacy options like Forensic Report Encryption to keep any sensitive data completely safe.

 

At first glance, Microsoft’s Office 365 suite seems to be pretty…sweet, right? Not only do you get a whole host of productivity apps, cloud storage, and an email service, but you’re also protected from spam with Microsoft’s own email security solutions. No wonder it’s the most widely adopted enterprise email solution available, with a 54% market share and over 155 million active users. You’re probably one of them, too.

But if a cybersecurity company’s writing a blog about Office 365, there’s got to be something more to it, right? Well, yeah. There is. So let’s talk about what exactly the issue is with Office 365’s security options, and why you really need to know about this.

What Microsoft Office 365 Security is Good At

Before we talk about the problems with it, let’s first quickly get this out of the way: Microsoft Office 365 Advanced Threat Protection (what a mouthful) is quite effective at basic email security. It will be able to stop spam emails, malware, and viruses from making their way into you inbox.

This is good enough if you’re only looking for some basic anti-spam protection. But that’s the problem: low-level spam like this usually doesn’t pose the biggest threat. Most email providers offer some form of basic protection by blocking email from suspicious sources. The real threat—the kind that can make your organization lose money, data and brand integrity—are emails carefully engineered so you don’t realize that they’re fake.

This is when you get into serious cybercrime territory.

What Microsoft Office 365 Can’t Protect You From

Microsoft Office 365’s security solution works like an anti-spam filter, using algorithms to determine if an email is similar to other spam or phishing emails. But what happens when you’re hit with a far more sophisticated attack using social engineering, or targeted at a specific employee or group of employees?

These aren’t your run-of-the-mill spam emails sent out to tens of thousands of people at once. Business Email Compromise (BEC) and Vendor Email Compromise (VEC) are examples of how attackers carefully select a target, learn more information about their organization by spying on their emails, and at a strategic point, send a fake invoice or request via email, asking for money to be transferred or data to be shared.

This tactic, broadly known as spear phishing, makes it appear that email is coming from someone within your own organization, or a trusted partner or vendor. Even under careful inspection, these emails can look very realistic and are nearly impossible to detect, even for seasoned cybersecurity experts.

If an attacker pretends to be your boss or the CEO of your organization and sends you an email, it’s unlikely that you’ll check to see if the email looks genuine or not. This is exactly what makes BEC and CEO fraud so dangerous. Office 365 will not be able to protect you against this sort of attack because these are ostensibly coming from a real person, and the algorithms will not consider it to be a spam email.

How Can You Secure Office 365 Against BEC and Spear Phishing?

Domain-based Message Authentication, Reporting & Conformance, or DMARC, is an email security protocol that uses information provided by the domain owner to protect receivers from spoofed email. When you implement DMARC on your organization’s domain, receiving servers will check each and every email coming from your domain against the DNS records you published.

But if Office 365 ATP couldn’t prevent targeted spoofing attacks, how does DMARC do it?

Well, DMARC functions very differently than an anti-spam filter. While spam filters check incoming email entering your inbox, DMARC authenticates outgoing email sent by your organization’s domain. What this means is that if someone is trying to impersonate your organization and send you phishing emails, as long as you’re DMARC-enforced, those emails will be dumped in the spam folder or blocked entirely.

And get this — it also means that if a cybercriminal was using your trusted brand to send phishing emails, even your customers wouldn’t have to deal with them, either. DMARC actually helps protect your business, too.

But there’s more: Office 365 doesn’t actually give your organization any visibility on a phishing attack, it just blocks spam email. But if you want to properly secure your domain, you need to know exactly who or what is trying to impersonate your brand, and take immediate action. DMARC provides this data, including the IP addresses of abusive sending sources, as well as the number of emails they send. PowerDMARC takes this to the next level with advanced DMARC analytics right on your dashboard.

Learn more about what PowerDMARC can do for your brand.

 

Let’s talk about spoofing for a minute. When you hear words like ‘phishing’, ‘business email compromise’ or ‘cybercrime’, what’s the first that pops into your head? Most people would think about something on the lines of email security, and chances are, you did, too. And that’s absolutely right: each of the terms I just mentioned are forms of cyberattack, where a criminal uses social engineering and other techniques to gain access to sensitive information and money. Obviously that’s bad, and organizations should do everything they can to protect themselves against it.

But there’s another side to this, one that some organizations simply don’t consider, and it’s one that’s equally important to them. Phishing doesn’t just put you at a higher risk of losing data and money, but your brand stands an equally large chance of losing out, too. In fact, that chance is as high as 63%: that’s how many consumers are likely to stop shopping a brand after just a single unsatisfactory experience.

How Do Email Phishing Attacks Harm Your Brand?

Understanding how phishing can compromise your organization’s systems is fairly straightforward. But the long-term effects of a single cyberattack? Not so much.

Think about it this way. In most cases, a user checking their email is likely going to click on an email from a person or brand they know and trust. If the email looks realistic enough, they wouldn’t even notice the difference between one that’s fake and one that’s not. The email might even have a link leading to a page that looks exactly like your organization’s login portal, where they type in their username and password.

Later on, once they hear that their credit card details and address have been leaked to the public, there’s nowhere to turn to but your organization. After all, it was ‘your email’ that caused the disaster, your lack of security. When your own customers totally lose faith in your brand and its credibility, it can cause huge problems for the optics of your brand. You’re not just the company that got hacked, you’re the company that allowed their data to be stolen through an email you sent.

It’s not hard to see how this could seriously hurt your bottom line in the long run, especially when new, potential customers are turned off by the prospect of being another victim of your emails. Cybercriminals take the trust and loyalty that your customers have in your brand, and actively use it against you. And that’s what makes Business Email Compromise (BEC) so much more than a technical security issue.

What Are Some of the Worst-Hit Industries?

Pharmaceutical companies are some of the most frequently targeted businesses for phishing and cyberattacks. According to a study of Fortune 500 pharmaceutical companies, in just the last 3 months of 2018, each company faced on average 71 email fraud attacks. That’s because drug companies hold valuable intellectual property on new chemicals and pharmaceutical products. If an attacker can steal this information, they can sell them on the black market for a hefty profit.

Construction and real estate companies aren’t too far behind, either. Financial service companies and financial institutions in particular face the constant threat of having sensitive data or large sums of money stolen from them through carefully planned Business as well as Vendor Email Compromise (VEC) attacks. 

All these industries benefit greatly from customers trusting their brands, and their relationship with the brands directly influences their business with the companies. If a consumer were to feel like that company wasn’t capable of keeping their data, money or other assets safe, it would be detrimental to the brand, and sometimes, irreparably so.

Learn more about email security for your specific industry.

How Can You Save Your Brand?

Marketing is all about building your brand image into something that audiences won’t just remember, but associate with quality and reliability. And the first step towards that is by securing your domain.

Cybercriminals spoof your organization’s domain and impersonate your brand, so when they send an email to an unsuspecting user, it will appear like it’s coming from you. Rather than expecting users to identify which emails are real and which ones aren’t (which very often is almost impossible, particularly for the layman), you can instead prevent those emails from entering users’ inboxes entirely.

DMARC is an email authentication protocol that acts like an instruction manual for a receiving email server. Every time an email is sent from your domain, the receiver’s email server checks your DMARC records (published on your DNS), and validates the email. If the email is legitimate, it ‘passes’ DMARC authentication, and gets delivered to the user’s inbox.

If the email is from an unauthorized sender, depending on your DMARC policy, the email can be either sent directly to spam, or even blocked outright.

Learn more about how DMARC works here.

DMARC can almost completely eliminate all spam emails that originate from your domain, because instead of blocking fake emails as they leave your domain, it instead checks for authenticity as the email arrives in the receiver’s server.

If you’ve already implemented DMARC and are looking for ways to take your brand security even further, there’s Brand Indicators for Message Identification (BIMI). This new email security standard affixes your brand’s logo next to every email from your domain that’s been authenticated by DMARC.

Now, when your customers see an email you’ve sent, they’ll associate your logo with your brand, improving brand recall. And when they see your logo, they’ll learn to only trust emails that have your logo next to them.

Learn more about BIMI here. 

When you’re in the cybersecurity space for as long as we’ve been, you start to notice patterns in how some organizations view the purpose of security. A lot of people see cybersecurity measures more as a way to meet compliance standards than to actually secure their digital processes. This is a rather myopic way of looking at it, because it fails to properly convey the real-world utility security has.

In a recent article by Gartner, they listed 10 top security projects for 2020-2021. According to security and risk management leaders, these are the most important strategies for organizations to not only mitigate the risk to their brand, but actually drive up their business value. “The key is to prioritize business enablement and reduce risk,” writes Kasey Panetta, ” and communicate those priorities effectively to the business.”

Among others, DMARC was listed as one of the most important security measures organizations can leverage for their business. So how does that work exactly? How is it supposed to improve your business value in the long run? Let’s find out.

DMARC is About More Than Just Email

Sure, if we’re going to be technical, then yes. DMARC is an email authentication protocol that helps receiving servers weed out fake email sent from your domain. But when properly implemented, DMARC is a tool brands can use to build trust, credibility and authenticity through their digital communications. It’s also a way to ensure that the brand message you’re trying to convey isn’t diluted or dampened by impersonation attempts.

It’s incredibly difficult for the average user to tell when they’re being spoofed, because of how innocuous the emails often look. They can be as simple as asking your customer to log in to your online service to update information, like these massive Office 365 phishing scams that compromised thousands of accounts. Or it could be as complex and carefully orchestrated as the Silent Starling attack of 2019.

DMARC protection isn’t just going to keep the spam email out of your customers’ inboxes. It’s how you’re going to ensure that your customers have the confidence to click on your emails when they see them. Email authentication doesn’t just bring measurable benefits like increased delivery rates, it offers real-world benefits to your brand that go beyond numbers on a graph.

5 Benefits of DMARC for Business

1. Information

This is the most tangible and measurable benefit of DMARC, and it comes in the form of DMARC reports. Once you set up DMARC, you can start receiving reports to your email about which emails failed SPF, DKIM and DMARC.

It also provides other useful information, such as the sender’s IP address, so you can see if they’re an authorized sender or not. You can see what percentage of your emails are being authenticated, which will affect deliverability, and you can check how many emails each IP sends, in case of suspicious activity.

2. Control

When you have information, you also have control. You can see if you’re having delivery issues due to DMARC, in which case you can take immediate action to rectify the problem and boost your email deliverability.

Additionally, if you spot an abusive IP spoofing your domain, you can even contact their hosting provider and have them taken down, eliminating the threat. When you have control over your communication channels, you’re also taking back control of your brand.

3. Security

This is the most obvious benefit of DMARC, since it was created with the intention of securing email senders and receivers from the dangers of phishing. With DMARC, the security benefits are twofold: both your staff and customers are protected from spam.

Attackers that impersonate your boss or CEO send phishing emails to your employees to get them to transfer money or give access to sensitive data. In other cases, they impersonate your brand and send fake emails to customers or the public.

In both scenarios, if the email comes from an unauthorized source, DMARC will identify it, and if you’re 100% DMARC enforced, the email will be automatically rejected.

4. Visibility

DMARC makes it possible to use BIMI (Brand Indicators for Message Identification). This protocol attaches your brand’s logo next to every email you send. If your email is validated by DMARC, the user will see your logo in the inbox.

This is useful for two reasons: Brand visibility, and Customer trust. Not only will users come to recognize and feel familiar with your brand after regularly seeing your logo, but they’ll know that only emails with your logo next to them are genuine.

5. Deliverability

Implementing DMARC tells your email service provider that you’re using a higher level of security than most domains. This will increase your domain’s reputation with the provider, and it will make it less likely for your genuine, authenticated emails to accidentally be marked as spam.

More emails make it to your customers’ inboxes, which means more clicks and engagement. And that never hurt, did it?

The DMARC journey is a carefully tuned process that looks at all aspects of your email usage patterns. Through careful monitoring and analysis, you can go from zero to 100% DMARC enforcement in just a couple of weeks. Here’s how it works.

 

Get in touch with us now to know more or start a free trial in order for us to provide you a fast track path to DMARC enforcement.

 

All of us at PowerDMARC are proud to announce that we have joined UK Crown Commercial Services G-Cloud 12 framework!

The UK Government’s Digital Marketplace is an online service for public sector organizations looking for services, people and technologies for various digital initiatives. It was created with the objective of making it easier and more cost-effective for public sector bodies in the UK to find and use cloud technology solutions.

We’ll be part of their G-Cloud framework as a supplier of DMARC authentication and cybersecurity services, listed in the Software-as-a-Service (SaaS) category of G-Cloud. Add a section for our link to their digital market place

Learn more about the G-Cloud 12 framework here:

https://www.digitalmarketplace.service.gov.uk/buyers/direct-award/g-cloud/start

https://www.digitalmarketplace.service.gov.uk/g-cloud/services/124488964256084

PowerDMARC, a Delaware-based DMARC and cybersecurity services provider, is announcing their latest partnership with Config, a French IT solutions distributor operating in Paris. A major player in the IT security and network services space in France, Config is looking to expand into the spheres of email security and authentication.

“Config is one of our first major distributors in Europe,” said Faisal Al Farsi, Co-Founder and CEO of PowerDMARC. “It’s a big step for us as a growing email authentication platform, because France is a very progressive country for pioneering tech in cyberspace. We’re really looking forward to expanding operations there and seeing increased DMARC adoption across Europe as a whole.”

For the last 20 years, Config has been a part of the growth of IT solutions and security in France. They boast a number of established clients that rely on their expertise to secure their network systems, servers and more. One of their hallmarks is providing tailor-made services that are fine-tuned to their clients’ needs, enabling them to act on security incidents quickly and effectively. 

Through this strategic partnership, Config has their sights on DMARC authentication services going big in France and securing their positions as the leading distributor of advanced PowerDMARC technology. By adding PowerDMARC solutions to their already wide array of solutions, they’re expected to make an impact in helping businesses both big and small secure their brands against spoofing attacks and email compromise.

Zouhir El Kamel, Founder and CEO of Config, commented on the new partnership. “There’s a lot of ground to be covered,” he said. “French businesses have only begun to recognize the importance of DMARC authentication in the last few years. We already have an established base of operations in France, Switzerland, Morocco and Africa, and puts us in a good position to help businesses in these countries get the security they need. With PowerDMARC’s platform, we’re confident we can make a difference.”


CONFIG (www.config.fr) is a value-added distributor  who accompanies more than 1000 integrators, editors and resellers in the sale of solutions distributed in the following ecosystems: 

Security and Cybersecurity Networks  Storage  Virtualisation and Cloud Solutions of  Vidéoprotection Config proposes to his partners  a custom-made support thanks to innovative marketing actions encouraging lead generation, the developed skills via technical trainings and certifications (Approved Center ATC) and a lot of différenciants services to develop the activity of the suppliers and the partners.

Config is headquartered in Paris, France, and now has more than 120 employees and several subsidiaries (Switzerland, Morocco, Tunisia, Algeria, Senegal, Ivory Coast, Sub-Saharan Africa).