Posts

PowerDMARC, a Delaware-based DMARC and cybersecurity services provider, is announcing their latest partnership with Config, a French IT solutions distributor operating in Paris. A major player in the IT security and network services space in France, Config is looking to expand into the spheres of email security and authentication.

“Config is one of our first major distributors in Europe,” said Faisal Al Farsi, Co-Founder and CEO of PowerDMARC. “It’s a big step for us as a growing email authentication platform, because France is a very progressive country for pioneering tech in cyberspace. We’re really looking forward to expanding operations there and seeing increased DMARC adoption across Europe as a whole.”

For the last 20 years, Config has been a part of the growth of IT solutions and security in France. They boast a number of established clients that rely on their expertise to secure their network systems, servers and more. One of their hallmarks is providing tailor-made services that are fine-tuned to their clients’ needs, enabling them to act on security incidents quickly and effectively. 

Through this strategic partnership, Config has their sights on DMARC authentication services going big in France and on securing their position as the leading distributor of advanced PowerDMARC technology. By adding PowerDMARC solutions to their already wide array of solutions, they’re expected to make an impact in helping businesses both big and small secure their brands against spoofing attacks and email compromise.

Zouhir El Kamel, Founder and CEO of Config, commented on the new partnership. “There’s a lot of ground to be covered,” he said. “French businesses have only begun to recognize the importance of DMARC authentication in the last few years. We already have an established base of operations in France, Switzerland, Morocco and Africa, and that puts us in a good position to help businesses in these countries get the security they need. With PowerDMARC’s platform, we’re confident we can make a difference.”


CONFIG (www.config.fr) is a value-added distributor that supports more than 1000 integrators, software publishers and resellers in the sale of solutions across the following ecosystems: security and cybersecurity, networks, storage, virtualisation and cloud, and video protection solutions.

Config offers its partners tailor-made support through innovative marketing actions that encourage lead generation, skills development through technical training and certifications (Approved Center ATC), and a range of differentiating services to develop the business of suppliers and partners.

Config is headquartered in Paris, France, and now has more than 120 employees and several subsidiaries (Switzerland, Morocco, Tunisia, Algeria, Senegal, Ivory Coast, Sub-Saharan Africa).


As a DMARC services provider, we get asked this question a lot: “If DMARC just uses SPF and DKIM authentication, why should we bother with DMARC? Isn’t that just unnecessary?”

On the surface it might seem to make little difference, but the reality is very different. DMARC isn’t just a combination of SPF and DKIM technologies, it’s an entirely new protocol by itself. It has several features that make it one of the most advanced email authentication standards in the world, and an absolute necessity for businesses.

But wait a minute. We’ve not answered exactly why you need DMARC. What does it offer that SPF and DKIM don’t? Well, that’s a rather long answer; too long for just one blog post. So let’s split it up and talk about SPF first. In case you’re not familiar with it, here’s a quick intro.

What is SPF?

SPF, or Sender Policy Framework, is an email authentication protocol that protects the email receiver from spoofed emails. It’s essentially a list of all IP addresses authorized to send email through your (the domain owner’s) channels. When the receiving server sees a message from your domain, it checks the SPF record that’s published in your DNS. If the sender’s IP is in this ‘list’, the email gets delivered. If not, the server rejects the email.

As you can see, SPF does a pretty good job keeping out a lot of unsavoury emails that could harm your device or compromise your organisation’s security systems. But SPF isn’t nearly as good as some people might think. That’s because it has some very major drawbacks. Let’s talk about some of these problems.

Limitations of SPF

SPF records don’t apply to the From address

Emails have multiple addresses to identify their sender: the From address that you normally see, and the Return Path address that’s hidden and requires one or two clicks to view. With SPF enabled, the receiving email server looks at the Return Path and checks the SPF records of the domain from that address.

The problem here is that attackers can exploit this by using a fake domain in their Return Path address and a legitimate (or legitimate-looking) email address in the From section. Even if the receiver were to check the sender’s email ID, they’d see the From address first, and typically wouldn’t bother to check the Return Path. In fact, most people aren’t even aware there is such a thing as a Return Path address.

SPF can be quite easily circumvented by using this simple trick, and it leaves even domains secured with SPF largely vulnerable.

SPF records have a DNS lookup limit

SPF records contain a list of all the IP addresses authorized by the domain owner to send emails. However, they have a crucial drawback. The receiving server needs to check the record to see if the sender is authorized, and to reduce the load on the server, SPF records have a limit of 10 DNS lookups.

This means that if your organization uses multiple third-party vendors who send emails through your domain, the SPF record can end up overshooting that limit. Unless properly optimized (which isn’t easy to do yourself), SPF records will have a very restrictive limit. When you exceed this limit, the SPF implementation is considered invalid and your email fails SPF. This could potentially harm your email delivery rates.
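To see how quickly vendor includes add up, the following added example (not PowerDMARC's code) walks an SPF policy and counts the terms that trigger DNS queries. The domain names and records are constructed sample data held in a dictionary instead of real DNS, and the count is a worst case because a real evaluator stops at the first matching mechanism.

```python
# Added example. CONSTRUCTED_DNS is made-up sample data standing in for TXT lookups.
CONSTRUCTED_DNS = {
    "example.test": "v=spf1 mx a include:_spf.mailer.test include:_spf.crm.test "
                    "include:_spf.helpdesk.test ip4:192.0.2.0/24 -all",
    "_spf.mailer.test": "v=spf1 include:_a.mailer.test include:_b.mailer.test ~all",
    "_a.mailer.test": "v=spf1 ip4:198.51.100.0/25 ~all",
    "_b.mailer.test": "v=spf1 ip4:198.51.100.128/25 ~all",
    "_spf.crm.test": "v=spf1 a mx exists:%{i}.bl.crm.test include:_c.crm.test ~all",
    "_c.crm.test": "v=spf1 ip4:203.0.113.0/24 ~all",
    "_spf.helpdesk.test": "v=spf1 mx include:_d.helpdesk.test ~all",
    "_d.helpdesk.test": "v=spf1 ip6:2001:db8::/32 ~all",
    # A trimmed policy: two vendor includes replaced by fixed IP ranges (constructed).
    "flat.example.test": "v=spf1 mx ip4:192.0.2.0/24 ip4:203.0.113.0/24 "
                         "ip6:2001:db8::/32 include:_spf.mailer.test -all",
}

LOOKUP_LIMIT = 10                                        # the limit the text refers to
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}   # mechanisms that query DNS


def count_lookups(domain, dns=CONSTRUCTED_DNS, path=()):
    """Worst-case number of DNS-querying terms reached from domain's SPF record."""
    if domain in path:                 # include loop: stop instead of recursing
        return 0
    record = dns.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        return 0
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")     # drop the qualifier
        if term.lower().startswith("redirect="):
            total += 1 + count_lookups(term.split("=", 1)[1], dns, path + (domain,))
            continue
        name, _, target = term.partition(":")
        name = name.split("/")[0].lower()          # "a/24" -> "a"
        if name in LOOKUP_TERMS:
            total += 1
            if name == "include":      # nested policies count against the same limit
                total += count_lookups(target, dns, path + (domain,))
    return total


def audit(domain, dns=CONSTRUCTED_DNS):
    """Return (lookup_count, within_limit) for a domain's SPF policy."""
    n = count_lookups(domain, dns)
    return n, n <= LOOKUP_LIMIT


if __name__ == "__main__":
    for d in ("example.test", "flat.example.test"):
        print(d, audit(d))
```

Three vendor includes are enough to push the constructed `example.test` policy past the limit, because every nested include and every `a`, `mx` or `exists` inside a vendor's record counts as well.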


SPF doesn’t always work when the email is forwarded

SPF has another critical failure point that can harm your email deliverability. When you’ve implemented SPF on your domain and someone forwards your email, the forwarded email can get rejected due to your SPF policy.

That’s because the forwarded message has changed the email’s recipient, but the email sender’s address stays the same. This becomes a problem because the message contains the original sender’s From address but the receiving server is seeing a different IP. The IP address of the forwarding email server isn’t included within the SPF record of the original sender’s domain. This could result in the email being rejected by the receiving server.

How does DMARC solve these issues?

DMARC uses a combination of SPF and DKIM to authenticate email. An email needs to pass either SPF or DKIM to pass DMARC and be delivered successfully. And it also adds one key feature that makes it far more effective than SPF or DKIM alone: Reporting.

With DMARC reporting, you get daily feedback on the status of your email channels. This includes information about your DMARC alignment, data on emails that failed authentication, and details about potential spoofing attempts.
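The following added example (not code from PowerDMARC) shows how a receiver combines SPF and DKIM results under DMARC for the From/Return Path mismatch and the forwarding case described earlier: a result only counts when the domain it authenticated aligns with the visible From domain. The messages are constructed, and the two-label `org_domain` helper is a simplifying assumption; real evaluators use the Public Suffix List.

```python
from email.utils import parseaddr


def org_domain(domain):
    """Simplified organizational domain: the last two labels.
    Assumption for this example; real evaluators use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs an exact match, relaxed only the same org domain."""
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_verdict(header_from, return_path_domain, spf, dkim_domain, dkim):
    """Combine SPF and DKIM results the way DMARC does: a pass only counts
    when the authenticated domain aligns with the visible From domain."""
    from_domain = parseaddr(header_from)[1].rpartition("@")[2]
    spf_ok = spf == "pass" and aligned(return_path_domain, from_domain)
    dkim_ok = dkim == "pass" and aligned(dkim_domain, from_domain)
    return {"spf": spf, "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}


# Constructed receiver-side results for three messages (not real traffic).
CASES = {
    # Sent directly by the domain owner: both checks pass and align.
    "direct": dict(header_from="Billing <billing@example.test>",
                   return_path_domain="bounce.example.test", spf="pass",
                   dkim_domain="example.test", dkim="pass"),
    # SPF passes for the Return Path domain, which is not the From domain.
    "mismatched_return_path": dict(header_from="CEO <ceo@example.test>",
                                   return_path_domain="unrelated.test", spf="pass",
                                   dkim_domain="", dkim="none"),
    # Forwarded: SPF fails at the forwarder's IP, the DKIM signature survives.
    "forwarded": dict(header_from="News <news@example.test>",
                      return_path_domain="example.test", spf="fail",
                      dkim_domain="example.test", dkim="pass"),
}


def evaluate_all(cases=CASES):
    """Return the DMARC verdict for every constructed case, keyed by name."""
    return {name: dmarc_verdict(**case) for name, case in cases.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:24} {verdict}")
```

The mismatched message passes SPF on its own yet fails DMARC, while the forwarded message fails SPF and still passes DMARC through its aligned DKIM signature.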

If you’re wondering about what you can do to not get spoofed, check out our handy guide on the top 5 ways to avoid email spoofing.

When it comes to cybercrime and security threats, Business Email Compromise (BEC) is the big daddy of email fraud. It’s the type of attack most organizations are the least prepared for, and one they’re most likely to get hit by. Over the past 3 years, BEC has cost organizations over $26 billion. And it can be shockingly easy to execute.

BEC attacks involve the attacker impersonating a higher-up executive at the organization, sending emails to a newly hired employee, often in the financial department. They request fund transfers or payments of fake invoices, which if executed well enough, can convince a less experienced employee to initiate the transaction.

You can see why BEC is such a huge problem among major organizations. It’s difficult to monitor the activities of all your employees, and the less experienced ones are more prone to falling for an email that seems to be coming from their boss or CFO. When organizations asked us what’s the most dangerous cyberattack they needed to watch out for, our answer was always BEC.

That is, until Silent Starling.

Organized Cybercrime Syndicate

The so-called Silent Starling is a group of Nigerian cybercriminals with a history in scams and fraud going as far back as 2015. In July 2019, they engaged with a major organization, impersonating the CEO of one of their business partners. The email asked for a sudden, last minute change in bank details, requesting an urgent wire transfer.

Thankfully, they discovered the email was fake before any transaction occurred, but in the ensuing investigation, the disturbing details of the group’s methods came to light.

In what’s now being called Vendor Email Compromise (VEC), the attackers launch a significantly more elaborate and organized attack than typically happens in conventional BEC. The attack has 3 separate, intricately planned-out phases that seem to require a lot more effort than what most BEC attacks usually require. Here’s how it works.

VEC: How to Defraud a Company in 3 Steps

Step 1: Breaking in

The attackers first gain access to the email account of one or more individuals at the organization. This is a carefully orchestrated process: they find out which companies lack DMARC-authenticated domains. These are easy targets to spoof. Attackers gain access by sending employees a phishing email that looks like a login page and stealing their login credentials. Now they have complete access to the inner workings of the organization.

Step 2: Collecting information

This second step is like a stakeout phase. The criminals can now read confidential emails, and use this to keep an eye out for employees involved in processing payments and transactions. The attackers identify the target organization’s biggest business partners and vendors. They gather information about the inner workings of the organization — things like billing practices, payment terms, and even what official documents and invoices look like.

Step 3: Taking action

With all this intelligence collected, the scammers create an extremely realistic email and wait for the right opportunity to send it (usually just before a transaction is about to take place). The email is targeted at the right person at the right time, and is coming through a genuine company account, which makes it next to impossible to identify.

By perfectly coordinating these 3 steps, Silent Starling were able to compromise their target organization’s security systems and nearly managed to steal tens of thousands of dollars. They were among the first to try such an elaborate cyberattack, and unfortunately, they’ll certainly not be the last.

I Don’t Want to Be a Victim of VEC. What Do I Do?

The really scary thing about VEC is that even if you’ve managed to discover it before the scammers could steal any money, it does not mean no damage has been done. The attackers still managed to get complete access to your email accounts and internal communications, and were able to get a detailed understanding of how your company’s finances, billing systems and other internal processes work. Information, especially sensitive information like this, leaves your organization completely exposed, and the attacker could always attempt another scam.

So what can you do about it? How are you supposed to prevent a VEC attack from happening to you?

1. Protect your email channels

One of the most effective ways to stop email fraud is to not even let the attackers begin Step 1 of the VEC process. You can stop cybercriminals from gaining initial access by simply blocking the phishing emails they use to steal your login credentials.

The PowerDMARC platform lets you use DMARC authentication to stop attackers from impersonating your brand and sending phishing emails to your own employees or business partners. It shows you everything going on in your email channels, and instantly alerts you when something goes wrong.

2. Educate your staff

One of the biggest mistakes even larger organizations make is not investing a little more time and effort to educate their workforce with a background knowledge on common online scams, how they work, and what to look out for.

It can be very difficult to tell the difference between a real email and a well-crafted fake one, but there are often many tell-tale signs that even someone not highly trained in cybersecurity could identify.

3. Establish policies for business over email

A lot of companies just take email for granted, without really thinking about the inherent risks in an open, unmoderated communication channel. Instead of trusting each correspondence implicitly, act with the assumption that the person on the other end isn’t who they claim to be.

If you need to complete any transaction or share confidential information with them, you can use a secondary verification process. This could be anything from calling the partner to confirm, to having another person authorize the transaction.

Attackers are always finding new ways to compromise business email channels. You can’t afford to be unprepared.


For a lot of people, it’s not immediately clear what DMARC does or how it prevents domain spoofing, impersonation and fraud. This can lead to serious misconceptions about DMARC, how email authentication works, and why it’s good for you. But how do you know what’s right and what’s wrong? And how can you be sure you’re implementing it correctly? 

PowerDMARC is here to the rescue! To help you understand DMARC better, we’ve compiled this list of the top 6 most common misconceptions about DMARC.

1. DMARC is the same as a spam filter

This is one of the most common things people get wrong about DMARC. Spam filters block incoming emails that are being delivered to your inbox. These can be suspicious emails sent from anyone’s domain, not just yours. DMARC, on the other hand, tells receiving email servers how to handle outgoing email sent from your domain. Spam filters like Microsoft Office 365 ATP don’t protect against such cyberattacks. If your domain is DMARC-enforced and the email fails authentication, the receiving server rejects it.

2. Once you set up DMARC, your email is safe forever

DMARC is one of the most advanced email authentication protocols out there, but that doesn’t mean it’s completely self-sufficient. You need to regularly monitor your DMARC reports to make sure emails from authorized sources are not being rejected. Even more importantly, you need to check for unauthorized senders abusing your domain. When you see an IP address making repeated attempts to spoof your email, you need to take action immediately and have them blacklisted or taken down.

3. DMARC will reduce my email deliverability

When you set up DMARC, it’s important to first set your policy to p=none. This means that all your emails still get delivered, but you’ll receive DMARC reports on whether they passed or failed authentication. If during this monitoring period you see your own emails failing DMARC, you can take action to solve the issues. Once all your authorized emails are getting validated correctly, you can enforce DMARC with a policy of p=quarantine or p=reject.

4. I don’t need to enforce DMARC (p=none is enough)

When you set up DMARC without enforcing it (policy of p=none), all emails from your domain—including those that fail DMARC—get delivered. You’ll be receiving DMARC reports but not protecting your domain from any spoofing attempts. After the initial monitoring period (explained above), it’s absolutely necessary to set your policy to p=quarantine or p=reject and enforce DMARC.

5. Only big brands need DMARC

Many smaller organizations believe that it’s only the biggest, most recognizable brands that need DMARC protection. In reality, cybercriminals will use any business domains to launch a spoofing attack. Many smaller businesses typically don’t have dedicated cybersecurity teams, which makes it even easier for attackers to target small and medium-size organizations. Remember, every organization that has a domain name needs DMARC protection!

6. DMARC Reports are easy to read

We see many organizations implementing DMARC and having the reports sent to their own email inboxes. The problem with this is that DMARC reports come in an XML file format, which can be very difficult to read if you’re not familiar with it. Using a dedicated DMARC platform can not only make your setup process much easier, but PowerDMARC can convert your complex XML files into easy to read reports with graphs, charts and in-depth stats.


Mr. Yaqoob Al Awadhi, CEO of NGN International, a full-fledged systems integrator and IT consultant headquartered in Bahrain, has spoken out regarding email security and spoofing. In a statement, he said that emails have become one of the most common methods of internet fraud employed to steal money and sensitive data from individuals and organizations alike.

He revealed that his company will be partnering with PowerDMARC, a Delaware-based DMARC solutions provider, to launch an email authentication and anti-spoofing platform in Bahrain to provide the most powerful cybersecurity standards for email.

“If there’s one thing common to nearly all major data breaches and internet scams you’ve read about in the news, it’s that they start with email,” Mr. Al Awadhi said. “These breaches may cost companies and organizations losses amounting to tens or possibly hundreds of millions of dinars or dollars.”


He explained that the attackers use the organization’s domain to send emails to their associates and customers asking for login credentials, credit card details, or fake offers. He added that phishing emails are one of the easiest ways for cyber attackers to compromise an organization’s security.

“As a business owner, you want to make sure that your customers, partners and organizations you deal with only see emails you’ve sent yourself, not fake emails that appear to originate from your domain and can be used to steal information,” Mr. Al Awadhi added.

Mr. Faisal Al Farsi, Co-Founder and CEO of PowerDMARC, explained that their partnership with NGN is to increase adoption of their email authentication platform in Bahrain and Saudi to protect brands from business email compromise (BEC). PowerDMARC builds on widely deployed email verification techniques: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) along with newer protocols like BIMI, MTA-STS & TLS-RPT. To make their security systems even more airtight, they make use of an AI-driven threat intelligence engine to detect and take down IPs abusing your domain.

“PowerDMARC uses the latest email authentication protocols and monitoring from a 24/7 Security Operations Center to protect corporate domains from being compromised,” said Mr. Al Farsi. “The technology specialists at NGN will tailor security solutions specifically for organizations based on their needs. From configuring SPF, DKIM and DMARC records, to setting up the dashboard, to achieving full DMARC enforcement, NGN will take care of the heavy lifting for the client. The end result is a secure domain and a DMARC implementation that allows the client to monitor the email traffic easily.”

PowerDMARC, an email security and authentication provider based in Delaware, U.S.A., is partnering with Katana Technologies, an IT security and risk specialist distributor in New Zealand. Katana Technologies will be signing on as a value-added distributor of PowerDMARC products and services across New Zealand and Australia.

“Katana will be our first partner in New Zealand,” said Faisal Al Farsi, Co-Founder and CEO of PowerDMARC. “We’re looking forward to exploring new, uncharted avenues with businesses throughout Oceania, a region that’s often overlooked. The people at Katana are highly specialised in their domain and selective with their partners. We’re very fortunate for this opportunity to do business with them.”

Katana Technologies focus their strategy on disruptive IT security services of vendor solutions. They specialize in tailoring cloud end-point solutions to the customer’s needs. Along with PowerDMARC, they are keen on bringing email authentication services to organizations in New Zealand. They’ll play a key role in boosting DMARC compliance rates across the Asia-Pacific, a region that has seen relatively low rates of DMARC adoption.

“This is an exciting new venture for us,” said Steve Rielly, Founder of Katana Technologies. “New Zealand has yet to see significant DMARC adoption rates, which makes it all the more important for us to clinch this opportunity. PowerDMARC’s platform is lightweight and efficient, which is everything we’re looking for in a partner’s product. We’re looking forward to great things to come.”