DMARC Domain-based Message Authentication, Reporting and Conformance
The standard allowing to define whether really the letter was sent from the specified domain. Support of DMARC allows to reveal and filter spam and phishing letters disguised under legal mailings with a bigger accuracy.
Content |
DMARC (Domain-based Message Authentication, Reporting and Conformance) is the technical specification created by group of the organizations for fight against the spammers forging the addresses of senders. Thanks to the DMARC setup owners of domains can create processing rules of letters which arrived from the domains which did not undergo authorization. The strict policy of DMARC (on server side of the sender) guarantees to the receiver of the letter that the sender is authorized to use the address specified in the From: field (From:). Thus, DMARC allows to reveal and stop substitution of the return address of the sender which is made by phishers and spammers for carrying out false mailings on behalf of the authoritative company or, in case of domains of free mailboxes, on behalf of other users.
The key technology known as Domain-based Message Authentication, Reporting, and Conformance, or DMARC, considerably reduces possibilities of malefactors to forge target domains and heads of the enterprises, checking a way from the sending server to a mailbox of the receiver. Besides, this technology allows administrators of e-mail of the organization to gain an impression how there is an abuse of the domain in e-mail.
Every year malefactors use substitution in phishing attacks for obtaining credentials of users and also in the schemes BEC where they send counterfeit accounts from suppliers or requests for payment from expected company executives to accounting of an object. In 2019 FBI received nearly 24,000 complaints to fraud by means of VES for the total amount of 1.8 billion dollars, according to the annual report of the Center of complaints to crimes on the Internet.
There are technologies of protection of e-mail intended to prevent attempts of malefactors to issue itself for the legal organizations. Sender Policy Framework (SPF) adds legitimate mail servers to authoritative DNS record for the domain. The Domain Keys Identified Mail (DKIM) technology signs electronic messages for confirmation that they were not changed. At last, DMARC checks that the address From of the message corresponds to information checked by SPF and DKIM. Besides, DMARC creates summary reports on the mail traffic sent from the domain of the administrator.
Forrester recommends to the companies to work with the supplier of infrastructure of e-mail to configure it and to consider the possibility of involvement of the consultant.
Besides, obtaining all advantages of technology in the field of security requires time. Administrators of e-mail of the organization can select three different politicians for messages which did not undergo testing: Complete delivery of messages, quarantine of messages or rejection of messages. In 2019 71% of the companies could not apply strict rules, without having taken any actions and having permitted delivery of messages, according to data of DMARC.org.
SMTP
Main article: SMTP
In the basic transfer protocol of e-mail of SMTP there is a shortcoming: he does not allow to carry out authentication of external senders up to standard. Speaking to simple words, when sending the letter in the field of From it is possible to substitute any address. For example, the user who received the letter from mother cannot be sure that it was written by her. Counterfeit of email can be recognized, but for this purpose it is necessary to be technically grounded specialist: it is necessary to verify headings, the service information, the server and IP from which the letter arrived.
Fraud with e-mail
Main article: Fraud with e-mail (business email compromise, invoice fraud)
The compromise of corporate e-mail (engl. business email compromise or invoice fraud) is a fraud at which the criminal represents from himself the seller or the business partner and convinces the representative of the company to transfer the large amount to the offshore account as "payment" for services which never rendered. Usually the swindler carefully studies interaction between two partners and the used payment methods of services. Then the swindler cracks an electronic mailbox of one of partners or convincingly forges corporate e-mail to send the account or a request for bank transfer for the rendered services.
2013
In February, 2013 the Mail.Ru Mail became the first in Runet mail service supporting standards of DMARC. It allows to define more precisely what letters are sent by real people and the organizations and what – spammers and phishers.
Owners of domains have an opportunity to manage actions which the Mail.Ru Mail takes concerning false letters (i.e. where the source address is disguised by the malefactor under their own). The letters recognized false can be passed, sent to the Spam folder, or are not accepted by the mail server at all. For example, the authorized sender can specify that 100% of such false letters should be considered as spam – in that case the attacks will become just senseless.
The Mail.Ru mail improves the systems of interaction of service with the Internet companies which communicate with the audience using e-mail. Earlier the Post-master of Mail.Ru service for the companies sending large volumes of letters was already started, then service began to provide a subscription to FBL. All these steps are directed to improvement of interaction of senders with receivers and elimination from this chain of phishers and spammers.
One of methods of protection against malefactors — use of the digital signatures DKIM which confirm that the letter was valid is sent from the specified domain. Only those senders whose letters are signed by DKIM can learn statistics on the letters through the Post-master service. "By the time of start of the Post-master in the fall of 2011 only 15% of the letters coming to users of Mail.Ru were signed by DKIM. In one and a half years of work of service in the Post-master about 15 thousand domains were registered, and the share of letters with DKIM increased up to 80%. Now all senders using DKIM can also configure DMARC — it will allow to increase efficiency of filtering of counterfeit messages" — Anikin Denis, the technical director of the Mail.Ru Mail notes.
2016
Since May 18, 2016 the Mail.Ru Mail includes the strict policy of DMARC for all main domains of free mail. This step will allow to increase the accuracy of department of the letters sent by real people and the organizations from messages of spammers and malefactors.
Earlier strict policy of DMARC was included only for the office domains Mail.Ru Group (for example, @corp.mail.ru) as they are most often forged by phishers. Now it is also applied to the domain mail.ua. On April 25 start of strict policy of DMARC is planned for the domain bk.ru, and on May 18 it will be extended to all domains of free mailboxes (list.ru, inbox.ru and mail.ru). In the interface of Mail of the letter to which the strict policy of DMARC, but which can be affected by it in the future is not extended yet are at the moment marked with the notification that the source address could be potentially forged.
Step-by-step implementation of the standard with a preview of warnings of possible counterfeit of the address guarantees that legal rassylshchik who incorrectly specify the sender will manage to adapt to toughening of rules and to carry out required reconfiguration.
See Also
- Censorship on the Internet. World experience
- Censorship (control) on the Internet. Experience of China
- Censorship (control) on the Internet. Experience of Russia, Roskomnadzor
- Law on regulation of Runet
- VPN and privacy (anonymity, anonymizers)
- Protection of critical information infrastructure of Russia
- Law On security of critical information infrastructure of the Russian Federation
- National Biometric Platform (NBP)
- Single Biometric System (SBS) of these clients of banks
- Biometric identification (market of Russia)
- Directory of solutions and projects of biometrics
- Digital economy of Russia
- Information security of digital economy of Russia
- SORM (System for Operative Investigative Activities)
- State detection system, warnings and mitigations of consequences of the computer attacks (State system of detection, prevention and elimination of consequences of computer attacks)
- National filtering system of Internet traffic (NASFIT)
- Yastreb-M Statistics of telephone conversations
- How to bypass Internet censorship of the house and at office: 5 easy ways
- The auditor - a control system of blocking of the websites in Russia
- The Single Network of Data Transmission (SNDT) for state agencies (Russian State Network, RSNet)
- Data network of public authorities (SPDOV)
- Single network of telecommunication of the Russian Federation
- Electronic Government of the Russian Federation
- Digital economy of Russia
- Cyber crime in the world
- Requirements of a NIST
- Global index of cyber security
- Cyber wars, Cyber war of Russia and USA
- Cyber crime and cyber conflicts: Russia, FSB, National coordination center for computer incidents (NKTsKI), Information Security Center (ISC) of FSB, Management of K BSTM of the Ministry of Internal Affairs of the Russian Federation, Ministry of Internal Affairs of the Russian Federation, Ministry of Defence of the Russian Federation, National Guard of the Russian Federation
- Cyber crime and cyber conflicts: Ukraine
- Cyber crime and cyber conflicts: USA, CIA, NSA, FBI, US Cybercom, U.S. Department of Defense, NATO, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA)
- Cyber crime and cyber conflicts: Europe, ENISA
- Cyber crime and cyber conflicts: Israel
- Cyber crime and cyber conflicts: Iran
- Cyber crime and cyber conflicts: China
- As the USA spied on production of chips in the USSR
- Security risks of communication in a mobile network
- Information security in banks
- Digital transformation of the Russian banks
- Overview: IT in banks 2016
- The policy of the Central Bank in the field of data protection (cyber security)
- Losses of the organizations from cyber crime
- Losses of banks from cyber crime
- Trends of development of IT in insurance (cyberinsurance)
- Cyber attacks
- Overview: Security of information systems
- Information security
- Information security (world market)
- Information security (market of Russia)
- The main trends in data protection
- Software for data protection (world market)
- Software for data protection (the market of Russia)
- Pentesting (pentesting)
- Cybersecurity - Means of enciphering
- Cryptography
- VPN - Virtual private networks
- Security incident management: problems and their solutions
- Authentication systems
- Law on personal data No. 152-FZ
- Personal data protection in the European Union and the USA
- Quotations of user data in the market of cybercriminals
- Jackpotting
- Virus racketeer (encoder)
- WannaCry (virus racketeer)
- Petya/ExPetr/GoldenEye (virus racketeer)
- Malware (malware)
- APT - Targeted or target attacks
- DDoS and DeOS
- Attacks on DNS servers
- DoS-attacks on content delivery networks, CDN Content Delivery Network
- How to be protected from DDoS attack. TADetails
- Rootkit
- Fraud Detection System (fraud, fraud, fraud detection system)
- Solutions Antifraud directory and projects
- How to select an antifraud system for bank? TADetails
- Security Information and Event Management (SIEM)
- Directory of SIEM solutions and projects
- Than a SIEM system is useful and how to implement it?
- For what the SIEM system is necessary and as it to implement TADetails
- Intrusion detection and prevention systems
- Reflections of local threats (HIPS)
- Confidential information protection from internal threats (IPC)
- Phishing, DMARC, SMTP
- Trojan
- Botha's botnet
- Backdoor
- Worms Stuxnet Regin
- Flood
- Information loss preventions (DLP)
- Skimming (shimming)
- Spam
- Sound attacks
- Antispam software solutions
- Classical file infectors
- Antiviruses
- Cybersecurity: means of protecting
- Backup system
- Backup system (technologies)
- Backup system (security)
- Firewalls
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |