Posts

As a domain owner you always need to look out for threat actors launching domain spoofing attacks and phishing attacks to use your domain or brand name for carrying out malicious activities. No matter what email exchange solution you use, protecting your domain from spoofing and impersonation is imperative to ensure brand credibility and maintain trust among your esteemed customer-base. This blog will take you through the process of setting up your DMARC record for Office 365 users.

In recent times, a majority of businesses have made a shift towards using effective and robust cloud-based platforms and hosted email exchange solutions such as Office 365. Subsequently, cybercriminals have also upgraded their malicious techniques to conduct email fraud by outmanoeuvring the security solutions that are integrated into the platform. This is why Microsoft has extended support towards email authentication protocols like DMARC across all of its email platforms. But you should know how to correctly implement DMARC for Office 365, in order to fully utilize its benefits.

Why DMARC?

The first question that might arise is that, with anti-spam solutions and email security gateways already integrated into the Office 365 suite to block fake emails, why would you require DMARC for authentication? This is because while these solutions specifically protect against inbound phishing emails sent to your domain, DMARC authentication protocol gives domain owners the power to specify to receiving email servers how to respond to emails sent from your domain that fail authentication checks.

DMARC makes use of two standard authentication practices, namely SPF and DKIM to validate emails for authenticity. With a policy set to enforcement, DMARC can offer a high level of protection against impersonation attacks and direct-domain spoofing.

Do you really need DMARC while using Office 365?

There’s a common misconception among businesses, that having an Office 365 solution ensures safety from spam and phishing attacks. However, in May 2020, a series of phishing attacks on several Middle Eastern insurance firms using Office 365 caused significant data loss and an unprecedented amount of security breach. This is why simply relying on Microsoft’s integrated security solutions and not implementing external efforts for protecting your domain can be a huge mistake!

While Office 365’s integrated security solutions can offer protection against inbound security threats and phishing attempts, you still need to ensure that outbound messages sent from your own domain are authenticated effectively before landing into the inboxes of your customers and partners. This is where DMARC steps in.

Securing Office 365 against Spoofing and Impersonation with DMARC

Security solutions that come with the Office 365 suite act as spam filters that cannot secure your domain from impersonation, highlighting the need for DMARC. DMARC exists as a DNS TXT record in your domain’s DNS. For configuring DMARC for your domain, you need to:

Step 1: Identify valid email sources for your domain
Step 2: Set up SPF for your domain
Step 3: Set up DKIM for your domain
Step 4: Publish a DMARC TXT record in your domain’s DNS

You can use PowerDMARC’s free DMARC record generator to generate a record instantly with the correct syntax to publish in your DNS and configure DMARC for your domain. However, note that only an enforcement policy of reject can effectively help you mitigate impersonation attacks and domain abuse.

But is publishing a DMARC record enough? The answer is no. This takes us to our last and final segment which is DMARC reporting and monitoring.

5 Reasons Why You need PowerDMARC while Using Microsoft Office365

Microsoft Office 365 provides users with a host of cloud-based services and solutions along with integrated anti-spam filters. However despite of the various advantages, these are the drawbacks you might face while using it from a security perspective:

  • No solution for validating outbound messages sent from your domain
  • No reporting mechanism for emails failing authentication checks
  • No visibility into your email ecosystem
  • No dashboard to manage and monitor your inbound and outbound email flow
  • No mechanism to ensure your SPF record is always under 10 lookup limit

DMARC Reporting and Monitoring with PowerDMARC

PowerDMARC seamlessly integrates with Office 365 to empower domain owners with advanced authentication solutions that protects against sophisticated social engineering attacks like BEC and direct-domain spoofing. When you sign up with PowerDMARC you are signing up for a multi-tenant SaaS platform that not only assembles all email authentication best practices (SPF, DKIM, DMARC, MTA-STS, TLS-RPT and BIMI), but also provides an extensive and in-depth dmarc reporting mechanism, that offers complete visibility into your email ecosystem. DMARC reports on the PowerDMARC dashboard are generated in two formats:

  • Aggregate Reports
  • Forensic reports

We have strived to make the authentication experience better for you by solving various industry problems. We ensure encryption of your DMARC forensic reports as well as display aggregate reports in 7 different views for enhanced user-experience and clarity. PowerDMARC helps you monitor email flow and authentication failures, and blacklist malicious IP addresses from all over the world. Our DMARC analyzer tool aids you in configuring DMARC correctly for your domain, and shifting from monitoring to enforcement in no time!

 

All right, you’ve just gone through the whole process of setting up DMARC for your domain. You published your SPF, DKIM and DMARC records, you analysed all your reports, fixed delivery issues, bumped up your enforcement level from p=none to quarantine and finally to reject. You’re officially 100% DMARC-enforced. Congratulations! Now only your emails reach people’s inboxes. No one’s going to impersonate your brand if you can help it.

So that’s it, right? Your domain’s secured and we can all go home happy, knowing your emails are going to be safe. Right…?

Well, not exactly. DMARC is kind of like exercise and diet: you do it for a while and lose a bunch of weight and get some sick abs, and everything’s going great. But if you stop, all those gains you just made are slowly going to diminish, and the risk of spoofing starts creeping back in. But don’t freak out! Just like with diet and exercise, getting fit (ie. getting to 100% enforcement) is the hardest part. Once you’ve done that, you just need to maintain it on that same level, which is much easier.

Okay, enough with the analogies, let’s get down to business. If you’ve just implemented and enforced DMARC on your domain, what’s the next step? How do you continue keeping your domain and email channels secure?

What to Do After Achieving DMARC Enforcement

The #1 reason that email security doesn’t simply end after you reach 100% enforcement is that attack patterns, phishing scams, and sending sources are always changing. A popular trend in email scams often doesn’t even last longer than a couple of months. Think of the WannaCry ransomware attacks in 2018, or even something as recent as the WHO Coronavirus phishing scams in early 2020. You don’t see much of those in the wild right now, do you?

Cybercriminals are constantly changing their tactics, and malicious sending sources are always changing and multiplying, and there’s not much you can do about it. What you can do is prepare your brand for any possible cyberattack that could come at you. And the way to do that is through DMARC monitoring & visibility .

Even after you’re enforced, you still need to be in total control of your email channels. That means you have to know which IP addresses are sending emails through your domain, where you’re having issues with email delivery or authentication, and identify and respond to any potential spoofing attempt or malicious server carrying a phishing campaign on your behalf. The more you monitor your domain, the better you’ll come to understand it. And consequently, the better you’ll be able to secure your emails, your data and your brand.

Why DMARC Monitoring is So Important

Identifying new mail sources
When you monitor your email channels, you’re not just checking to see if everything’s going okay. You’re also going to be looking for new IPs sending emails from your domain. Your organization might change its partners or third party vendors every so often, which means their IPs might become authorized to send emails on your behalf. Is that new sending source just one of your new vendors, or is it someone trying to impersonate your brand? If you analyse your reports regularly, you’ll have a definite answer to that.

PowerDMARC lets you view your DMARC reports according to every sending source for your domain.

Understanding new trends of domain abuse
As I mentioned earlier, attackers are always finding new ways to impersonate brands and trick people into giving them data and money. But if you only ever look at your DMARC reports once every couple of months, you’re not going to notice any telltale signs of spoofing. Unless you regularly monitor the email traffic in your domain, you won’t notice trends or patterns in suspicious activity, and when you are hit with a spoofing attack, you’ll be just as clueless as the people targeted by the email. And trust me, that’s never a good look for your brand.

Find and blacklist malicious IPs
It’s not enough just to find who exactly is trying to abuse your domain, you need to shut them down ASAP. When you’re aware of your sending sources, it’s much easier to pinpoint an offending IP, and once you’ve found it, you can report that IP to their hosting provider and have them blacklisted. This way, you permanently eliminate that specific threat and avoid a spoofing attack.

With Power Take Down, you find the location of a malicious IP, their history of abuse, and have them taken down.

Control over deliverability
Even if you were careful to bring DMARC up to 100% enforcement without affecting your email delivery rates, it’s important to continuously ensure consistently high deliverability. After all, what’s the use of all that email security if none of the emails are making it to their destination? By monitoring your email reports, you can see which ones passed, failed or didn’t align with DMARC, and discover the source of the problem. Without monitoring, it would be impossible to know if your emails are being delivered, let alone fix the issue.

PowerDMARC gives you the option of viewing reports based on their DMARC status so you can instantly identify which ones didn’t make it through.

 

Our cutting-edge platform offers 24×7 domain monitoring and even gives you a dedicated security response team that can manage a security breach for you. Learn more about PowerDMARC extended support.

At first glance, Microsoft’s Office 365 suite seems to be pretty…sweet, right? Not only do you get a whole host of productivity apps, cloud storage, and an email service, but you’re also protected from spam with Microsoft’s own email security solutions. No wonder it’s the most widely adopted enterprise email solution available, with a 54% market share and over 155 million active users. You’re probably one of them, too.

But if a cybersecurity company’s writing a blog about Office 365, there’s got to be something more to it, right? Well, yeah. There is. So let’s talk about what exactly the issue is with Office 365’s security options, and why you really need to know about this.

What Microsoft Office 365 Security is Good At

Before we talk about the problems with it, let’s first quickly get this out of the way: Microsoft Office 365 Advanced Threat Protection (what a mouthful) is quite effective at basic email security. It will be able to stop spam emails, malware, and viruses from making their way into you inbox.

This is good enough if you’re only looking for some basic anti-spam protection. But that’s the problem: low-level spam like this usually doesn’t pose the biggest threat. Most email providers offer some form of basic protection by blocking email from suspicious sources. The real threat—the kind that can make your organization lose money, data and brand integrity—are emails carefully engineered so you don’t realize that they’re fake.

This is when you get into serious cybercrime territory.

What Microsoft Office 365 Can’t Protect You From

Microsoft Office 365’s security solution works like an anti-spam filter, using algorithms to determine if an email is similar to other spam or phishing emails. But what happens when you’re hit with a far more sophisticated attack using social engineering, or targeted at a specific employee or group of employees?

These aren’t your run-of-the-mill spam emails sent out to tens of thousands of people at once. Business Email Compromise (BEC) and Vendor Email Compromise (VEC) are examples of how attackers carefully select a target, learn more information about their organization by spying on their emails, and at a strategic point, send a fake invoice or request via email, asking for money to be transferred or data to be shared.

This tactic, broadly known as spear phishing, makes it appear that email is coming from someone within your own organization, or a trusted partner or vendor. Even under careful inspection, these emails can look very realistic and are nearly impossible to detect, even for seasoned cybersecurity experts.

If an attacker pretends to be your boss or the CEO of your organization and sends you an email, it’s unlikely that you’ll check to see if the email looks genuine or not. This is exactly what makes BEC and CEO fraud so dangerous. Office 365 will not be able to protect you against this sort of attack because these are ostensibly coming from a real person, and the algorithms will not consider it to be a spam email.

How Can You Secure Office 365 Against BEC and Spear Phishing?

Domain-based Message Authentication, Reporting & Conformance, or DMARC, is an email security protocol that uses information provided by the domain owner to protect receivers from spoofed email. When you implement DMARC on your organization’s domain, receiving servers will check each and every email coming from your domain against the DNS records you published.

But if Office 365 ATP couldn’t prevent targeted spoofing attacks, how does DMARC do it?

Well, DMARC functions very differently than an anti-spam filter. While spam filters check incoming email entering your inbox, DMARC authenticates outgoing email sent by your organization’s domain. What this means is that if someone is trying to impersonate your organization and send you phishing emails, as long as you’re DMARC-enforced, those emails will be dumped in the spam folder or blocked entirely.

And get this — it also means that if a cybercriminal was using your trusted brand to send phishing emails, even your customers wouldn’t have to deal with them, either. DMARC actually helps protect your business, too.

But there’s more: Office 365 doesn’t actually give your organization any visibility on a phishing attack, it just blocks spam email. But if you want to properly secure your domain, you need to know exactly who or what is trying to impersonate your brand, and take immediate action. DMARC provides this data, including the IP addresses of abusive sending sources, as well as the number of emails they send. PowerDMARC takes this to the next level with advanced DMARC analytics right on your dashboard.

Learn more about what PowerDMARC can do for your brand.