MDaemon Technologies Blog

Protect Brand & Customers from Spear Phishing Using DKIM, SPF & DMARC

By Brad Wyro

Woman connecting cellphone and laptop computer

 

Introduction

Scammers use a variety of tactics to get users to give out personal information. One very common tactic is known as phishing. Phishing is a scam where tech-savvy con artists use spam and malicious websites to deliver malware, or to trick people into giving them personal information such as social security numbers, bank account numbers, and credit card information. A more targeted (and often more dangerous) type of phishing is known as spear phishing.

 

What is Spear Phishing?

 

Spear phishing is a targeted attack that’s usually addressed to a specific individual. With spear phishing, the perpetrator knows something personal about you. He may know your name, email address, or the name of a friend, or he may have information about a recent online purchase you made. While most phishing emails will have a generic greeting such as “Dear Sir or Madam,” a spear phishing email may address you by name, such as “Hello John.” It may also appear to come from someone you know.

According to recent reports, 95% of all attacks on enterprise networks are the result of spear phishing attacks. Moreover, according to Stanford University’s The Psychology of Human Error report, 88% of all data breaches are a result of human error.

 

How can You Protect Yourself & Your Business from Spear Phishing Attacks?

Protecting your company from spear phishing attacks is the responsibility of employees as well as IT administrators. For employees, user education is key. Every employee should be familiar with these email security best practices:

  • Change your password often.
  • Use strong passwords. Never use a password that contains "password" or "letmein". MDaemon administrators can take this suggestion a step further by requiring users to use app passwords. With app passwords, users can have a separate, strong passwords for each of their email clients.

    Watch our video on app passwords to learn more.
  • Use a different password for each of your accounts. If you use the same password for your bank account as you do for your email account, you become much more vulnerable to data theft.
  • Don't open an attachment unless you know who it is from & are expecting it.
  • Be cautious about email messages that instruct you to enable macros before downloading Word or Excel attachments. Note: SecurityGateway includes a feature that will detect macros in Microsoft Office attachments. Watch our tutorial video to learn more.
  • Use anti-virus software on your local machine, and make sure it's kept up-to-date with the latest virus definitions.
  • If you receive an attachment from someone you don't know, don't open it. Delete it immediately.
  • Learn how to recognize phishing
    - Messages that contain threats to shut your account down
    - Requests for personal information such as passwords or Social Security numbers
    - Words like "Urgent" - false sense of urgency
    - Forged email addresses
    - Poor writing or bad grammar
  • Hover your mouse over links before you click on them to see if the URL looks legitimate.
  • Instead of clicking on links, open a new browser and manually type in the address.
  • Don't give your email address to sites you don't trust.
  • Don't post your email address to public websites or forums. Spammers often scan these sites for email addresses.
  • Don't click the "Unsubscribe" link in a spam email. It would only let the spammer know your address is legitimate, which could lead to you receiving more spam.
  • Understand that reputable businesses will never ask for personal information via email.
  • Don't send personal information in an email message.
  • Don't reply to spam. Be aware that if you reply to a spam email, your reply most-likely will not go back to the original spammer because the FROM header in the spam message will most-likely be forged.
  • Don't share passwords.
  • Be sure to log out.

For the administrator, implementing DKIM, SPF and DMARC can help reduce data breaches, financial losses, and other threats to your business. These three methods are described in greater detail below.


How DKIM Works

DKIM (DomainKeys Identified Mail) is a cryptographic email verification process that can be used to protect against spoofing. It can also be used to ensure message integrity, or to ensure that the message has not been altered between the time it left the sending mail server and the time it arrived at yours. Here’s how DKIM works:

  • A public key is published to the sending server’s DNS records.
  • Each outgoing message is signed by the server using the corresponding encrypted private key.
  • For incoming messages, when the receiving server sees that a message has been signed by DKIM, it will retrieve the public key from the sending domain's DNS records and then compare that key with the message's cryptographic signature to determine its validity.
  • If the incoming message cannot be verified then the receiving server knows it contains a spoofed address or has been tampered with or changed. A failed message can then be rejected, or it can be accepted but have its spam score adjusted.

How-DKIM-Works

 

You can refer to the following knowledge base article for DKIM setup instructions in MDaemon:

How to enable DKIM signing and configure records

 

More information on DKIM setup for SecurityGateway can be found here:

https://help.mdaemon.com/SecurityGateway/en/dkim_signing.html

 

How SPF Works

Another technique to help protect against spoofing is known as SPF. SPF (Sender Policy Framework) allows domain owners to publish DNS records (SPF records) to identify those locations (email servers, secure email gateways, smart hosts, etc.) that are authorized to send messages for their domain. By performing an SPF lookup on incoming messages, you can attempt to determine whether or not the sending server is permitted to deliver mail for the purported sending domain, and consequently determine whether or not the sender's address may have been forged or spoofed.

How-SPF-Works

 

Both MDaemon and SecurityGateway include SPF verification features. In MDaemon Remote Administration, SPF settings are located under Security | Sender Authentication | SPF Verification.

SPF_MDaemonSender Policy Framework Settings in MDaemon Remote Administration

 

To help protect against spear phishing attacks that spoof your domain, you should set up an SPF record in DNS. You can find helpful information on SPF record syntax and deployment at http://www.open-spf.org/.


DMARC (Domain-Based Message Authentication, Reporting & Conformance)

When a message fails DKIM or SPF, it is up to the receiving mail server’s administrator as to how to handle the message. The problem with this is that if DKIM or SPF is not set up properly, it can lead to problems. DMARC (Domain-based Message Authentication, Reporting and Conformance) takes out the guesswork on how to handle messages from domains that are not properly aligned with DKIM or SPF.

How-DMARC-Works

 

DMARC defines a scalable mechanism by which a mail sender can express, using DNS records (DMARC records), domain level policies governing how messages claiming to come from his or her domain should be handled when they do not fully align with DKIM and SPF lookup results. In other words, if you perform SPF, DKIM and DMARC record lookups on a message claiming to come from my domain (example.com), and it does not align with SPF, DKIM, or both, my DMARC record can tell you how I want you to handle messages that are unaligned with SPF & DKIM. My DMARC record can specify whether I want you to accept, quarantine, or reject unaligned messages, and I can even go a step further and specify what percentage of unaligned messages I want you to reject or quarantine based on my policy preferences. This is useful when first deploying DMARC, as it allows you to be more lenient with rejection of unaligned messages until you’re sure DKIM & SPF are configured properly.

This knowledge base article includes helpful information for deploying DMARC:

How to Enable DMARC and Configure Records

This article includes a variety of recommended security settings, including SPF, DKIM, DMARC, spam filter settings, and much more.

https://knowledge.mdaemon.com/recommended-security-dynamic-screening-spam-filter-anti-virus-settings

Conclusion

While we must be vigilant against spoofing and phishing attacks, we must also acknowledge that cautious, informed users and properly implemented SPF, DKIM and DMARC policies are the best defense against cybercriminals who are intent on stealing your data and damaging your brand.

 

Tags: Email Authentication, Email How To, Email Management, Spear Phishing

Brad Wyro

Written by Brad Wyro

Brad has worked in technical and marketing roles at MDaemon Technologies, where he contributes as Content Marketing Manager. Brad balances technical and creative information to develop easy to understand videos and content to educate prospects and customers.

BACK TO ALL ARTICLES

Subscribe to Email Updates

Posts by Topic

See all

About MDaemon Technologies

MDaemon Technologies is a pioneer in developing email and email security software helping to protect customers from evolving cyber-security threats. Its products and services are trusted by thousands of organizations in over 140 countries. For more than two decades, the company’s products have been developed with the ongoing input of IT professionals who demand reliable, affordable software that requires minimal effort to manage.

The software can be deployed in virtual, hosted cloud, on-premises, or hybrid network environments. The company sells its software and services directly and through a network of global channel partners.

For more information, visit www.mdaemon.com.

Copyright © 1996-2023 MDaemon Technologies.  View privacy policy.

 

Contact Us
+1.817-601-3222
sales@help.mdaemon.com
6340 Lake Worth Blvd.
Fort Worth, TX 76135