Posts

It is critical that any business using emails to communicate with their customers becomes DMARC compliant in order to protect the fidelity and privacy of their client’s information. However, a common mistake that organizations often end up making is securing their local/active domains, while completely ignoring the security of their parked domains.

DMARC is an email authentication protocol designed to prevent spammers from impersonating the senders of legitimate emails. Using DMARC provides real value. Not only is it an industry standard, but by implementing it you earn trust and respect from your customers, gain control of your domain from cybercriminals, and increase deliverability and message consistency.

What are Parked Domains?

Parked domains are webmaster-friendly aliases that streamline and promote your online presence. Basically, it refers to the practice of using an alternative domain name (i.e., parked) for advertising or administrative purposes. Parked domains are a great way to create additional brand equity for your business. While Parked Domains are domains that have been registered on purpose, they are not necessarily used to send emails or rank in search engines.

A parked domain is usually just an empty shell with no substance. Such domains often remain dormant and aren’t used for any interactive purposes like sending emails. Often purchased years ago, it is only natural for large enterprises that make use of several domains to carry out daily activities, to forget about them. So naturally, you might be thinking about whether securing your parked domains is even necessary in the first place? The answer is, yes! The low domain security of your inactive domains can make them an easier target for attackers. DMARC steps in to help you secure these parked domains, preventing them from being used for malicious ends.

How Can You Leverage DMARC to Secure Your Parked Domains?

In general, ISPs will treat domain names, especially parked domains, that lack a DMARC record with a low level of scrutiny. This means that these domains may not be protected well against spam and abuse. By skipping this step, you might be protecting your main domain with 100% DMARC enforcement with a policy of p=reject, all while remaining vulnerable on your parked domains. By setting up a set of DNS records for inactive domains, you can help prevent them from being used for phishing or malware distribution.

For every business owner out there, your company’s reputation should be of utmost importance to you. Therefore, when it comes to opting for email authentication, it should be for every domain you own. What’s even better is that implementing DMARC only requires you to publish a couple of records in your DNS.

However, before implementing DMARC you need to consider the following factors:

1) Make sure you have a valid and published SPF record on your DNS

For your inactive or parked domains, you only need a record that specifies that the particular domain is currently inactive and any email originating from it should be rejected. An empty SPF record with the following syntax does exactly that:

yourparkeddomain.com TXT v=spf1 -all

2) Be certain that you have a functional DKIM record published on your DNS

The best way to nullify DKIM selectors that were active in the past is to publish a DKIM record with (*) as your selector and an empty “p” mechanism. This specifies to MTAs that any selector for that parked domain is not valid anymore:

*._domainkey.yourparkeddomain.com TXT v=DKIM1; p=

3) Publish a DMARC record for your Parked Domains

In addition to publishing SPF, you should publish a DMARC record for your parked domains. A DMARC policy of “reject” for your inactive domains helps secure them. With DMARC you can also view and monitor fraudulent activities on these domains with reports you can view on our DMARC report analyzer dashboard.

You can configure the following DMARC record for your parked domains:

_dmarc.yourparkeddomain.com TXT “v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

 

Note: replace the sample RUA and RUF email addresses with valid email addresses (that don’t point to your parked domains) wherein you want to receive your DMARC reports. Alternatively, you can add your custom PowerDMARC RUA and RUF addresses to send your reports directly to your PowerDMARC account and view them on your DMARC report analyzer dashboard.

In case you have a large number of previously registered parked domains, you can configure the following CNAME record that points to a single domain, for all your parked domains:

_dmarc.yourparkeddomain.com  CNAME   _dmarc.parked.example.net

Once done, you can then publish a DMARC TXT record that points to the email addresses on which you want to receive your RUA and RUF reports, for that same domain on which you have configured DMARC for your parked domains:

_dmarc.parked.example.net TXT v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

To avoid implementing DMARC for your active and parked domains manually, help us help you automate the process and make it seamless for your organization with our proactive support team and an effective DMARC software solution. Sign up for your DMARC analyzer today!

Domains have grown at an explosive rate over the last decade. With a decades-long history and the power to build trust, domains have long been the premier asset for businesses, online. Domain name security is a top concern for domain holders, and today’s online threats make managing domains more complex than ever. In the 1980s, the first top-level domains were established on the internet. Since then, there have been notable developments in domain name architecture, resulting in more security challenges and costs for businesses and consumers alike. Since their inception, domains have become a channel for cyberattacks and threats to online data and security. DMARC is a widely acclaimed protocol that protects your domain name and online assets from abuse and impersonation.

But before we get to that, here are three reasons why protecting your domain name should be your topmost priority starting today:

Your Domain is the Face of Your Company

Your domain is a reflection of your brand and is one of the most important online assets of your organization. The domain name is the digital address of your business and is an important part of your IP portfolio. It’s the first thing that potential customers and investors will see. Research shows that domains are now one of the most valuable elements of a company’s business, alongside intellectual property rights, easily identifiable assets, and shares. Domains are a vital part of any business’s IP portfolio, providing a long-term and authoritative presence on the Internet. It is essential to protect and renew them. Acquisition or abuse of domain names by cybercriminals can cause clients, customers, and partners to become inconsolable.

Domain Management is Not an Easy Task

Organizations now realize that their domain represents their business goals and creates that unified public face of the company that customers recognize when searching for products and services. As organizations become increasingly reliant on IP assets, domain management is likely to become more of a liability. The domains that are now the cornerstone of an organization’s security must be effectively managed, not just handled by internal IT teams. However, domain management poses its own set of security challenges. With the increasing number of domains each company owns, impersonating your organization for malicious ends becomes quite easy.

Did you know, 33% of organizations experienced cyberattacks specifically targeting their domain names in 2020?

Lack of Domain Name Security Increases the Risk of Domain Spoofing

Domain spoofing is a social engineering tactic, popular among cybercriminals of the digital age. A spoofed email domain accurately impersonates a valid domain and can be used to trick employees, customers, and partners who rely on your services. Spoofed domains are used to send fake emails to customers to perpetrate phishing attacks aimed at stealing sensitive data and bank details to launder money, or inject ransomware into their system. Suffice to say, it is extremely damaging to any business, both financially, as well as reputationally.

How to Secure Your Domain Name?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a mechanism letting organizations protect their domain name from impersonation, domain abuse, and spoofing. It helps stop phishing (which is the leading cause of identity theft) by creating a 100% reliable mechanism for authenticating emails that are sent from your domain. It prevents unauthorized parties from setting up email accounts using a legitimate organization’s domain name. Configuring a DMARC analyzer at your organization can provide all-around protection to your domain name, helping you make sure that your reputation remains intact and your domain can never be used for malicious purposes.

Manage Your Domains Effectively with PowerDMARC DMARC Report Analyzer

With our DMARC report analyzer, you can manage your domains across a single pane of glass, read your DMARC reports, view authentication results, and pick up on malicious activities faster. It also allows you to adjust settings on the fly for immediate changes. Whether you are a small business or enterprise, a DMARC report analyzer gives you deeper control over how you manage email authentication.

Most importantly, it gives you a single place to manage the domains that you own from multiple registrars. Our intuitive interface provides a descriptive breakdown of each failure, helping you take action against them faster than ever before.

  • It provides a single, integrated solution for reading your DMARC reports
  • It provides the ability to quickly identify anomalies in your reports.
  • With report filtering options, this powerful module will allow you to better manage your domain’s health across multiple domains across various mail servers
  • Provides a clear view of the overall picture of how your emails are protected, bounce back messages, and what malicious activities are being attempted on your domain
  • Helps you save time by knowing the full picture with a reliable and clear dashboard that gives you a simple overview of your data
  • Highlights any errors in your SPF, DKIM, BIMI, MTA-STS record and TLS-RPT.

If you’ve been following the DMARC conversation in the industry, you probably have lots of questions. Why do we need DMARC? How does it help prevent domain spoofing? We are here to answer all of it. Domain-based Message Authentication, Reporting, and Conformance (DMARC) is the technology that helps authenticate legitimate email and helps prevent spoofing. DMARC also provides insight into your email marketing efforts and stops your domain from being used by cyber-criminals. It allows email receivers to authenticate, report on and enforce policy around emails sent from domain names they don’t control.

DMARC is a vital defense against Domain spoofing, cyber-threats like phishing attacks as well as increasing transparency into the emails you send. DMARC improves your digital brand protection and the overall deliverability of your email marketing programs by differentiating legitimate emails from fraudulent ones.

Which Businesses Should Use DMARC?

The answer is quite simple. All. Irrespective of your company size or industry, in the current situation each and every organization needs information security and domain protection. Most businesses (knowingly or unknowingly) have already deployed SPF and DKIM to protect their email domains, but only an estimated one-third have actually implemented DMARC to stop spoofing. This is because of a lack of awareness of secure protocols and living in a state of constant denial, assuming that your domain is safe no matter what. That is until you fall prey to the next major email scam attack and lose a huge chunk of your subscribers and customers.

Another popular misconception is that DMARC is difficult to implement. Implementing DMARC for your domain, in reality, requires you to simply publish a DMARC record in your DNS with a one-line syntax. The difficult part is managing and monitoring your domains, especially if you have quite a few of them like every other business does. However, that too is manageable now! You can initiate your DMARC journey with our DMARC Analyzer, which is engineered to simplify your DMARC adoption process. We help you:

  • Generate and publish your DMARC records
  • Register your domains easily
  • Shift to an enforced policy within the least time
  • Gain 100% DMARC compliance on the total volume of emails sent from your domain

What’s in it for Your Business?

To answer the question “why do we need DMARC?” it is essential to isolate the several benefits it provides to growing businesses. Powered by DMARC, it means that your organization will be better protected from phishing and spoofing. DMARC prevents phishers from using your domain to spoof legitimate emails and trick your customers into handing over their usernames and passwords, credit card information, and other sensitive information. 90% of the organizations using DMARC have claimed to witness a boost in their email deliverability rate within a very short period of having implemented the protocol.

But that’s not all. While some emails you send to your followers may be determined as spam by their email providers, DMARC is a security feature that helps prevent this from happening. In addition to preventing the spoofing of your domain, DMARC allows you to ensure that your legitimate marketing emails have a higher chance of landing in your recipients’ inboxes. If not for the altruistic reasons of ensuring email delivery, implementing DMARC will definitely result in a better ROI on your email marketing campaigns, and improve your domain reputation.

Read Your DMARC Reports Easily with PowerDMARC

When you configure DMARC at your organization, you have the option of specifying to your receivers’ ESPs, to send you DMARC reports. These reports are crucial to monitor your email flow, gain visibility on failed deliveries and the status of each email’s authentication results.

But the raw reports are sent as XML files that are tough to read and understand. Our DMARC Report Analyzer is engineered to extract DMARC reports from your ESPs and assemble them across a single pane of glass. We parse the data for you, organize and manage them, and present them in a human-readable format that anyone can understand. We also allow you to download the data in a comprehensive PDF format to share with your employees.

Our interactive dashboard provides information on a higher level that can be read at a glance, as well as granular details on your sending sources so you can track malicious IP addresses faster.

Get your DMARC record checker today to analyze and improve loopholes in your domain’s security!

Before we get to “how to setup DMARC?” we should take a step back and understand the concept of DMARC and how it has emerged as the most trending solution in the world of information and email security in the past few years. Organizations can be considered as huge email exchanging bodies with major influx in email flow across their client-base, and among  their business partners and employees.

However, while running your email marketing campaigns, it is difficult to monitor whether all the emails being sent from your domain are legitimate. Every 14 seconds, an organizational domain is spoofed by an attacker to send out phishing emails to receivers who trust them. This is why email authentication is a mandatory addition to your security.

Why is DMARC Needed in the Current Situation?

The FBI’s Internet Crime Complaint Center of 2020 (FBI IC3 Report 2020) reported that 28,500 complaints were received in the US pertaining to email-based attacks. The FBI investigated e-mail scam attacks describing the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which strived to provide assistance to small businesses during the pandemic. These attacks specifically targeted unemployment insurance, Paycheck Protection Program (PPP) loans, and Small Business Economic Injury Disaster Loans.

Did You Know?

  • 75% of organizational domains from all around the world were spoofed in 2020 to send phishing emails to victims
  • 74% of those phishing campaigns were successful
  • The frequency of BEC has increased by 15% since last year
  • IBM reported that one in every 5 companies in the last year has experienced data breaches caused by malicious emails

Check your domain right now to see how protected you are against email fraud!

How to Setup DMARC Manually?

In order to learn how to setup DMARC, you need to start by creating a DMARC record. As complicated as it may sound, the process is comparatively much simpler! DMARC is a DNS TXT (text) record that can be published in your DNS to configure the protocol for your domain.

DMARC record example:

v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:[email protected]; ruf=mailto:[email protected]; pct=100; fo=0;

Note: While beginning your email authentication journey, you can keep your DMARC policy (p) at none instead of reject, to monitor your email flow and resolve issues before shifting to a strict policy.

Learn how to publish DMARC record

How to Setup DMARC Easily with PowerDMARC

With PowerDMARC, you don’t need to understand the mechanisms in depth to manually create your DMARC record, as we do it automatically on our platform. All you need to do is use our free DMARC record generator tool and fill in your desired criteria. Click on Generate Record and instantly create an error-free DMARC record to publish in your DNS:

After creating your record, simply open your DNS management console, navigate to your desired domain and paste the TXT record. Save changes to the process and you are done!

How to Leverage DMARC to Prevent Domain Spoofing

Note that if you are configuring DMARC to stop your domain from being Spoofed and keep phishing and BEC attacks at bay, we recommend you the select the following criterion while generating your DMARC record with our DMARC record generator tool:

Set your DMARC policy to p=reject

When you are opting for DMARC enforcement at your organization by choosing a reject policy, this means that whenever an email sent from your domain fails DMARC authentication checks and fails DMARC, the malicious email would be instantly rejected by the receiving MTA, instead of being delivered to your receiver’s inbox.

Another factor that you would want to consider is gaining visibility on your email flow and monitoring emails passing and failing authentication. DMARC reporting ensures that you never miss a malicious activity on your domain and you stay informed at all times. To enjoy the benefits of email authentication, and setup DMARC in a way that would effectively protect your domain, sign up with DMARC analyzer today!

One of the largest focuses for email security in the last year has been around DMARC and ransomware has emerged as one of the most financially damaging cybercrimes of this year. Now what is DMARC? Domain-Based Message Authentication, Reporting and Conformance as an email authentication protocol is used by domain owners of organizations big and small, to protect their domain from Business Email Compromise (BEC), direct domain spoofing, phishing attacks and other forms of email fraud.

DMARC helps you enjoy multiple benefits over time like a considerable boost in your email deliverability, and domain reputation. However a lesser known fact is that DMARC also serves as the first line of defense against Ransomware. Let’s enunciate how DMARC can protect against Ransomware and how ransomware can affect you.

What is Ransomware?

Ransomware is a type of malicious software (malware) that is installed on a computer, usually through the use of malware. The goal of the malicious code is to encrypt files on the computer, after which it typically demands payment in order to decrypt them.

Once the malware installation is in place, the criminal demands a ransom be paid by the victim to restore access to the data. It allows cybercriminals to encrypt sensitive data on computer systems, effectively protecting it from access. The cybercriminals then demand the victim pay a ransom sum to remove the encryption and restore access. Victims are typically faced with a message that tells them their documents, photos, and music files have been encrypted and to pay a ransom to allegedly “restore” the data. Typically, they ask the users to pay in Bitcoin and inform them how long they have to pay to avoid losing everything.

How Does Ransomware Work?

Ransomware has shown that poor security measures put companies at great risk. One of the most effective delivery mechanisms for ransomware is email phishing. Ransomware is often distributed through phishing. A common way this occurs is when an individual receives a malicious email that persuades them to open an attachment containing a file they should trust, like an invoice, that instead contains malware and begins the infection process.

The email will claim to be something official from a well-known company and contains an attachment pretending to be legitimate software, which is why it is very likely that unsuspecting customers, partners, or employees who are aware of your services would fall prey to them.

Security researchers have concluded that for an organization to become a target of phishing attacks with malicious links to malware downloads, the choice is ” opportunistic.” A lot of ransomware doesn’t have any external guidance as to who to target, and often the only thing guiding it is pure opportunity. This means, any organization whether it is a small business or a large enterprise, can be the next target if they have loopholes in their email security.

2021 recent security trends report have made the following distressing discoveries:

  • Since 2018, there has been a 350% rise in ransomware attacks making it one of the most popular attack vectors in recent time.
  • Cyber security experts believe there will be more ransomware attacks than ever in 2021.
  • More than 60% of all ransomware attacks in 2020 involved social actions, such as phishing.
  • New ransomware variants have increased by 46% in the last 2 years
  • 68,000 new ransomware Trojans for mobile have been detected
  • Security researchers have estimated that every 14 seconds a business falls victim to a ransomware attack

Does DMARC Protect Against Ransomware? DMARC and Ransomware

DMARC is the first line of defense against ransomware attacks. Since ransomware is usually delivered to victims in the form of malicious phishing emails from spoofed or forged company domains, DMARC helps protect your brand from being impersonated, which means such fake emails will be marked as spam or not get delivered when you have the protocol correctly configured.  DMARC and Ransomware: how does DMARC help?

  • DMARC authenticates your emails against SPF and DKIM authentication standards that helps filter malicious IP addresses, forgery and domain impersonation.
  • When a phishing email curated by an attacker with a malicious link to install ransomware arising from your domain name reaches a client/employee server, if you have
  • DMARC implemented the email is authenticated against SPF and DKIM.
  • The receiving server tries to verify the sending source and DKIM signature
  • The malicious email will fail verification checks and ultimately fail DMARC authentication due to domain misalignment
  • Now, if you have implemented DMARC at an enforced policy mode (p=reject/quarantine) the email after failing DMARC will either get marked as spam, or rejected, nullifying the chances of your receivers falling prey to the ransomware attack
  • Finally, evade additional SPF errors like too many DNS lookups, syntactical errors and implementation errors, to prevent your email authentication protocol from being invalidated
  • This ultimately safeguards your brand’s reputation, sensitive information and monetary assets

The first step to gaining protection against ransomware attacks is to sign up for DMARC analyzer today! We help you implement DMARC and shift to DMARC enforcement easily and in the least possible time. Start your email authentication journey today with DMARC.

Learn how to Publish a DMARC record

Before we proceed towards publishing a DMARC record, it is important to understand what is a DMARC record? A DMARC record is nothing but a DNS TXT record that can be published in your domain’s DNS (Domain Naming System) so as to configure Domain-Based Message Authentication, Reporting, and Conformance or DMARC for your domain. By configuring DMARC for your domain you as the domain owner now have the ability to specify to receiving servers how they should respond to emails that are sent from unauthorized or illegitimate sources.

Instructions for Generating Your DMARC Record

The process for generating your DMARC DNS Record is extremely simple if you use our free DMARC record generator tool for this purpose. All you need to do is fill up the following criteria:

  • Choose your DMARC policy mode(if you are just starting out with email authentication, we recommend a policy of p=none for you to begin with so you can monitor your email flow)
  • Choose the DMARC policy mode for your subdomains ( we recommend you to only activate this criteria if you wish to opt for a different policy for your subdomains, else, by default it takes up the same policy as your main domain)
  • Type in your desired email addresses wherein you want your DMARC RUA (aggregate) and RUF (Forensic) reports to be delivered to
  • Choose your DKIM alignment mode (for strict alignment the DKIM signature in the email header has to match exactly with the domain found in the from header. For relaxed alignment the two domains must share the same organizational domain only)
  • Choose your SPF alignment mode (for strict alignment the domain in the Return-path header has to match exactly with the domain found in the from header. For relaxed alignment the two domains must share the same organizational domain only)
  • Choose your forensic options (this represents under which circumstances you want to receive your forensic reports)

A typical error-free DMARC record looks something like this:

v=DMARC1; p=none; sp=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1;

The generated record is now to be published in your domain’s DNS on the subdomain: _dmarc.YOURDOMAIN.com

How to Publish Your DMARC Record? 

In order to publish your generated DMARC record, you will need to log in to your DNS console and navigate to the specific domain for which you want to configure DMARC.

After navigating to the domain in your DNS management console, you will need to specify the hostname and the resource type. Since DMARC exists in your domain as a DNS TXT record, the resource type for it is TXT, and the hostname to be specified in this case is : _dmarc 

Finally, you need to add the value of your DMARC record (the record you generated previously): v=DMARC1; p=none; sp=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1;

Save changes to the whole process and you have successfully configured DMARC for your domain!

What Should be My Next Steps?

After you are done publishing your DMARC record your next step should be to focus on protecting your domain from scammers and impersonators. That is your main agenda anyway when you are implementing security protocols and email authentication services. Simply publishing a DMARC record with a p=none policy doesn’t offer any protection against domain spoofing attacks and email fraud. For that you need to shift to DMARC enforcement.

What is DMARC Enforcement?

You can achieve DMARC enforcement if you implement a DMARC policy mode of p=reject or p=quarantine. For maximum protection from domain spoofing attacks and BEC, we recommend a policy mode of reject.  However, the process for achieving DMARC enforcement isn’t as simple as changing your policy mode from monitoring to enforcement. To gain immunity from impersonation attacks all while making sure that your email deliverability doesn’t get impacted, what you need to do is:

  • Sign up with PowerDMARC and enable DMARC reporting for your domain
  • Get daily DMARC RUA reports on email authentication results available in an array of viewing options for ease of understanding
  • Get forensic report updates on the dashboard whenever emails fail authentication
  • Stay under the SPF hard limit to ensure your SPF record never gets invalidated

With DMARC aggregate and forensic reports, moving from monitoring to enforcement becomes a cakewalk for domain owners, as you can visually monitor your email flow and track and respond to deliverability issues instantaneously from the PowerDMARC platform. Sign up today for your free DMARC analyzer trial!