Did you know that there are entities likely spoofing your business identity without your knowledge?  These are messages that are being sent out “pretending” to be from your company when they didn’t originate from within your organization. How can a company begin to understand what is being sent out to look like them?  Even more concerning is if the message reaches one of your customers and contains malware, viruses, or is a phishing attempt?  Is there a way to see what’s being sent around the internet without your knowledge and more importantly is there way to stop it or any spoofing email that could be happening? Using M365? DMARC records can help.

Email Spoofing

These are email messages that you have probably seen before.  When I think back, I can remember many times when I received an email “impersonating” my credit card company asking for personal information.  Suspecting that this likely didn’t originate with them, I called them and sure enough they didn’t send it.  The other way to tell is through message headers, and so if you are familiar with how to find and read them it would also be very obvious that this message didn’t come from your credit card company.  This post covers how you can work towards the prevention of these types of messages from be sent/received even when they didn’t originate within your environment.

Discovering what is being sent?

Figuring out what entities are sending out to “look” like your organization is not an easy task – but spoofing email happens.  Really there is not a great way to do this without leverage a 3rd party that is setup to receive the message headers for email sent as your organization.  So first you will want to research 3rd party products that are capable of doing analytics of email data on the web.  There are many 3rd party cloud based products out there, and I recommend reaching out to Gartner or doing your own web-based research to learn which companies provide this service.  From there you can often trial their services and pick the best one for your needs.

DMARC and how do they analyze your Email Data?

So, once you have chosen a provider, they will typically have you add a DMARC (Domain-Based Message Authentication, Reporting, and Conformance) to your external DNS record.  DMARC is a protocol that can be used to detect and prevent fraudulent email messages from sending or being delivered.  Learn more at  https://dmarc.org/ . DMARC records should initially be configured to run in a “monitoring” mode, so that you can analyze the data before setting up and form of hard failure. With the right 3rd party solution in place your organization can begin to analyze the abuse that is happening outside your organization.

The syntax of a DMARC record setup for monitoring only will typically look like this:

Name: _dmarc.domainname.com

Type: TXT

V=DMARC1;p=none;fo=1;rua=mailto:[email protected]

DMARC record and Mailflow

DMARC is intended to fit into your businesses existing inbound email processing, but before we can dive into what this means we are going to have to cover some other aspects of this topic first.  These additional aspects will be covered as part of a series of blog posts ultimately providing the foundation required to ensure that you are able to implement email brand protection for your organization.  You don’t want anyone spoofing email.  Stay tuned to learn more soon!

Check out more information about technology on our site here!