Preventing domain name spoofing and email fraud using DMARC (and a few cases it doesn’t work)

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol.

DMARC makes it easier for email senders and receivers to determine whether a given message legitimately comes from the domain in its From address, and what to do if it doesn’t. This makes it easier to identify spam and phishing messages and keep them out of people’s inboxes.

DMARC can be used to prevent domain name spoofing and email fraud. Of course it cannot prevent all phishing attacks.

Email is easy to spoof, and criminals have found spoofing to be a proven way to exploit users’ trust in well-known brands. Simply inserting the logo of a well-known brand into an email gives it instant legitimacy with many users.

Users can’t tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent.

DMARC addresses these issues, helping email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.

Does DMARC block all types of phishing attacks?

No. DMARC is only designed to protect against direct domain spoofing. If the owners/operators of example.com use DMARC to protect that domain, it would have no effect on otherdomain.com or example.net (notice the “.net” vs. “.com”).

While impersonating a given domain is a common method used for phishing and other malicious activities, there are other attack vectors that DMARC does not address. For example, DMARC does not address cousin domain attacks (i.e. sending from a domain that looks like the target being abused – e.g. exampl3.com vs. example.com), or display name abuse (i.e. setting the display name in the “From” field so the message looks as if it comes from the target being abused, while the actual address is in some other domain).

Also, DMARC does not protect you:

  1. if you don’t own the domain name users are more accustomed to (such as the .com, .org or ccTLD version) and that domain name matches your brand more closely than yours does
  2. if you haven’t registered common variations of your main domain name in the same extension as your website or in other extensions.
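To make the scope of DMARC concrete, here is an added example (not code from the original post, and not a reference implementation of DMARC) that evaluates the DMARC disposition for a few constructed messages. It assumes constructed DMARC records for example.com and for the cousin domain exampl3.com standing in for DNS lookups of `_dmarc.<domain>`, takes the SPF and DKIM results as already-computed inputs, and derives the organizational domain with a simplified last-two-labels rule rather than the Public Suffix List. It shows that a direct spoof of example.com is rejected, while a cousin domain or a misleading display name is never touched by example.com’s policy, because DMARC only ever evaluates the domain of the From address; the `display_name_mismatch` function is the kind of separate check a receiver has to add for that case.

```python
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed DMARC TXT records, keyed by the domain they would be published
# under (_dmarc.<domain>). A real receiver fetches these from DNS.
DMARC_RECORDS = {
    "example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=s; "
                   "rua=mailto:dmarc-reports@example.com",
    "exampl3.com": "v=DMARC1; p=none",   # cousin domain controlled by someone else
}


def parse_dmarc(record):
    """Split a DMARC record into its tag=value pairs and apply the defaults."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    tags.setdefault("adkim", "r")   # DKIM alignment defaults to relaxed
    tags.setdefault("aspf", "r")    # SPF alignment defaults to relaxed
    return tags


def org_domain(domain):
    """Organizational domain, simplified to the last two labels.
    Real implementations consult the Public Suffix List (e.g. for co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict alignment needs an exact match; relaxed needs the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class Message:
    from_header: str          # RFC 5322 From: header as received
    spf_domain: str = ""      # domain SPF authenticated (MAIL FROM); "" if SPF failed
    dkim_domains: tuple = ()  # d= of every DKIM signature that verified


def lookup_policy(from_domain):
    """Exact-domain record first, then the organizational domain's record,
    in which case the sp= tag (if present) governs the subdomain."""
    if from_domain in DMARC_RECORDS:
        return parse_dmarc(DMARC_RECORDS[from_domain])
    org = org_domain(from_domain)
    if org in DMARC_RECORDS:
        policy = parse_dmarc(DMARC_RECORDS[org])
        policy["p"] = policy.get("sp", policy["p"])
        return policy
    return None


def evaluate_dmarc(msg):
    """Return (from_domain, disposition): 'pass', or the policy to apply
    ('none', 'quarantine', 'reject') when neither SPF nor DKIM aligns."""
    _display_name, addr = parseaddr(msg.from_header)
    from_domain = addr.rpartition("@")[2].lower()
    policy = lookup_policy(from_domain)
    if policy is None:
        return from_domain, "none"   # no record: DMARC says nothing about this domain
    spf_ok = bool(msg.spf_domain) and aligned(from_domain, msg.spf_domain, policy["aspf"])
    dkim_ok = any(aligned(from_domain, d, policy["adkim"]) for d in msg.dkim_domains)
    return from_domain, "pass" if (spf_ok or dkim_ok) else policy["p"]


def display_name_mismatch(msg, protected_brands):
    """The extra check DMARC does not do: a display name that names a protected
    brand while the address is not in that brand's organizational domain."""
    display_name, addr = parseaddr(msg.from_header)
    from_org = org_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    return any(brand.lower() in display_name.lower() and from_org != domain
               for brand, domain in protected_brands.items())


# Constructed sample messages covering the cases discussed in the text.
SAMPLES = {
    "legitimate":    Message("Example Support <support@example.com>", "example.com", ("example.com",)),
    "direct_spoof":  Message("Example Support <support@example.com>", "attacker.net", ()),
    "cousin_domain": Message("Example Support <support@exampl3.com>", "exampl3.com", ()),
    "display_name":  Message('"Example Support" <x@attacker.net>', "attacker.net", ()),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        domain, verdict = evaluate_dmarc(msg)
        flagged = display_name_mismatch(msg, {"example": "example.com"})
        print(f"{name:13} From-domain={domain:13} DMARC={verdict:10} display-name flag={flagged}")
```

Running it shows only the direct spoof hitting example.com’s `p=reject`; the cousin domain passes DMARC on its own authentication, and the display-name message gets no DMARC action at all because attacker.net publishes no record. The `rua=` tag is what delivers the aggregate feedback the post mentions senders otherwise lack.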

Of course, many people who are not internet-savvy can be confused very easily even if you protect your brand as well as you can.

Implementation

DMARC helps the end user by making it easier for their mailbox provider (e.g. AOL, Comcast, Hotmail, GMail, Yahoo) to keep spam and phishing messages from ever reaching their inbox.

At the moment this all happens behind the scenes, just as traditional spam filtering is done – the end user only sees the results, which should be fewer fraudulent messages from domains as they adopt DMARC.


About Konstantinos Zournas

Konstantinos studied Computer Engineering and Computer Science in London and lives in Athens, Greece. He works on domain names, websites and software development. He has been online since 1995 and domaining since 2002.
