We love to give clever names to the threats we face. 419 scams. Spear phishing. Snowshoe attacks. And now we’ve been gifted with the term “artisanal spam” to go with our $6 cone filter coffee and $8 wood-fired croissant with cruelty-free butter and locally grown preserves. At least the latest trendy name has some trendy food to go with it, which might offer a flavorful change of pace at some vendor booths in the first half of 2016.
But under all the cute jargon, people are still being victimized by email fraud that DMARC can help stop. It isn’t a panacea for all email-based fraud, but as the most effective way to combat same-domain phishing, DMARC should be a foundational part of every organization’s messaging strategy. Just as you don’t leave your web server unsecured for hackers to take over, you have to implement email authentication – DMARC, DKIM, and SPF – to make sure bad actors can’t impersonate your domain when attacking your customers, employees, and business partners.
Smaller operations and even medium-sized enterprises may have been largely left alone in the past as attackers focused on beating the filters at the world’s largest mailbox providers like AOL, Gmail, and Yahoo – or impersonating their users. But as those companies have made their filtering more and more effective, and as they implement strong DMARC protection to block impostors, smaller organizations are becoming increasingly attractive targets. The shift towards these smaller, “artisanal” campaigns just shows that those weaknesses will be exploited sooner rather than later. In fact, if you aren’t getting DMARC reports for your domains now, you could be a victim already and not even know it.
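To check whether a domain is actually set up to receive those reports, the following added example (not code from DMARC.org) audits the TXT strings published at `_dmarc.<domain>` using the RFC 7489 tag syntax. It assumes the TXT strings have already been fetched; the function names, finding codes and sample records are constructed for illustration.

```python
# Added example: audit the TXT strings published at _dmarc.<domain>
# against the RFC 7489 tag=value syntax. Sample records are constructed.
FINDINGS = {
    "no-record": "no valid DMARC record; receivers apply no DMARC policy",
    "multiple-records": "more than one DMARC record; receivers skip DMARC",
    "invalid-policy": "p= is missing or not none/quarantine/reject",
    "monitor-only": "p=none; spoofed mail is reported but still delivered",
    "partial-enforcement": "pct below 100; policy covers only part of failing mail",
    "no-reports": "no rua= address; you receive no aggregate reports",
}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = [p.partition("=") for p in txt.split(";") if p.strip()]
    if not pairs:
        return None
    name, _, value = pairs[0]
    if name.strip().lower() != "v" or value.strip() != "DMARC1":
        return None  # v=DMARC1 must be the first tag
    # Keep the first occurrence of each tag; skip fragments without "=".
    tags = {}
    for name, sep, value in pairs:
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags

def audit(txt_records):
    """Return finding codes for the TXT strings found at _dmarc.<domain>."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return ["no-record"]
    if len(records) > 1:
        return ["multiple-records"]
    tags, found = records[0], []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        found.append("invalid-policy")
    elif policy == "none":
        found.append("monitor-only")
    pct = tags.get("pct", "100")
    if policy in ("quarantine", "reject") and pct.isdigit() and int(pct) < 100:
        found.append("partial-enforcement")
    if not tags.get("rua"):
        found.append("no-reports")
    return found

if __name__ == "__main__":
    for rec in (["v=DMARC1; p=none"], ["v=spf1 -all"]):  # constructed samples
        print(rec, "->", [FINDINGS[c] for c in audit(rec)] or "ok")
```

An empty result means the record enforces a policy on all failing mail and names a reporting address; it says nothing about whether SPF and DKIM are correctly deployed for the domain's legitimate senders.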
If you haven’t included DMARC in your security measures yet, you should start immediately. DMARC.org offers or links to many articles, tutorials and videos, as well as a number of professional services for those who want expert assistance. You owe it to your customers and colleagues, and it’s only a matter of time before you’re in the crosshairs – if you aren’t already.