DMARCation of the email cyber threat

Do you know about DMARC? Patrick Peterson thinks your customers should implement it

Many security breaches or incidents have some form of email exploit in common.

And it's getting worse. The amount of money that can be made by these exploits is enormous – hundreds of millions of pounds – and the ranks of email criminals continue to expand.

A favourite approach is to take advantage of design flaws in the basic architecture of the internet to send email from what looks like a legitimate domain, usually a .com return address that resembles those used by legitimate businesses.

Domain spoofing is easy, but the technical loophole can be closed using domain-based message authentication, reporting and conformance (DMARC) technology.

DMARC was developed by consumer webmail developers including Microsoft, Google, Yahoo and PayPal. When DMARC is implemented, a virtual "handshake" of sorts is initiated with the email recipients.

Most email receivers already support DMARC, whose adoption began to take off in 2012. Today it is being implemented rapidly by brand-conscious companies that want to secure email, their most frequently used communication technology.

Adoption in the UK has been estimated at 70 per cent, so there are still many companies that have yet to implement DMARC standards, even as companies report that cyber attack is the biggest risk they face.

DMARC is the only email technology that gives complete visibility of who is sending email on your behalf, at internet scale.

Many companies are surprised to learn exactly how many domains and sub-domains, both within their organisation and at their authorised third-party senders, are delivering customer messages.

What's more, DMARC gives companies the ability to control what happens when a fraudulent email is sent. This security control did not exist before DMARC and it helps companies prevent malicious email from reaching an inbox.

Customer confidence is arguably the most important asset a company can have. The fallout following a security breach where user information has been stolen and then sold can seriously damage that trust, jeopardising customer relationships that may have been nurtured over many years.

DMARC means that email recipients can know with confidence that the emails they are receiving from a company's registered domain are legitimate messages from one of their trusted brands.

Patrick Peterson is chief executive and founder of Agari