2016/04/22 11:12:35

DMARC Domain-based Message Authentication, Reporting and Conformance

A standard for determining whether a message was really sent from the specified domain. DMARC support makes it possible to detect and filter spam and phishing messages disguised as legitimate mailings with greater accuracy.


DMARC (Domain-based Message Authentication, Reporting and Conformance) is a technical specification created by a group of organizations to combat spammers who forge sender addresses. By setting up DMARC, domain owners can create rules for handling messages that claim to come from their domains but did not pass authentication. A strict DMARC policy (set on the sender's side) guarantees to the recipient that the sender is authorized to use the address specified in the From: field. DMARC thus makes it possible to detect and stop forgery of the sender's address, which phishers and spammers use to send fraudulent mailings on behalf of a reputable company or, in the case of free mailbox domains, on behalf of other users.

The key technology known as Domain-based Message Authentication, Reporting, and Conformance, or DMARC, considerably reduces attackers' ability to spoof target domains and company executives by checking the path from the sending server to the recipient's mailbox. In addition, the technology gives an organization's e-mail administrators a picture of how their domain is being abused in e-mail.

Every year attackers use spoofing in phishing attacks to obtain user credentials, and in BEC schemes, where they send fake invoices from suppliers or payment requests from purported company executives to the target's accounting department. In 2019 the FBI received nearly 24,000 complaints about BEC fraud totaling 1.8 billion dollars, according to the annual report of the Internet Crime Complaint Center.

There are e-mail protection technologies designed to prevent attackers from passing themselves off as legitimate organizations. Sender Policy Framework (SPF) lists the legitimate mail servers in an authoritative DNS record for the domain. DomainKeys Identified Mail (DKIM) signs e-mail messages to confirm that they have not been altered. Finally, DMARC checks that the From address of the message matches the information verified by SPF and DKIM. In addition, DMARC produces summary reports on the mail traffic sent from the administrator's domain.

Forrester recommends that companies work with their e-mail infrastructure provider to configure it and consider engaging a consultant.

In addition, gaining the technology's full security benefits takes time. An organization's e-mail administrators can choose among three different policies for messages that fail the check: full delivery, quarantine, or rejection. In 2019, 71% of companies could not apply strict rules, taking no action and allowing messages to be delivered, according to DMARC.org data.
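The check and the three policies described above, as an added example (not code from the original article): a simplified receiver-side evaluation that tests whether the From: domain aligns with the SPF- or DKIM-authenticated domain and otherwise applies the domain owner's policy. The function names and sample domains are assumptions, and relaxed alignment is approximated by a parent/child comparison instead of the Public Suffix List lookup real receivers use.

```python
# Simplified receiver-side DMARC evaluation (added example, not RFC-complete).

# Constructed sample record, as a domain owner would publish it in DNS TXT.
SAMPLE_RECORD = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of tags; reject malformed ones."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags


def aligned(from_domain, auth_domain, strict):
    """Strict mode: exact match. Relaxed mode (assumption): same domain or a
    parent/child relation, standing in for the organizational-domain test."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if a == b:
        return True
    return not strict and (a.endswith("." + b) or b.endswith("." + a))


def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the action the domain owner requested for failures."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain,
                                  tags.get("aspf", "r") == "s")
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain,
                                    tags.get("adkim", "r") == "s")
    if spf_ok or dkim_ok:
        return "pass"
    # SPF may well have passed, but for a domain unrelated to From:.
    return {"none": "deliver", "quarantine": "quarantine",
            "reject": "reject"}[tags["p"]]


if __name__ == "__main__":
    # From: claims example.com, but SPF only vouches for another domain.
    print(evaluate(SAMPLE_RECORD, "example.com",
                   True, "bulk.example.net", False, ""))
```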

SMTP

Main article: SMTP

SMTP, the basic e-mail transfer protocol, has a shortcoming: it does not allow external senders to be properly authenticated. Put simply, when sending a message, any address can be placed in the From field. For example, a user who receives a message from their mother cannot be sure that she wrote it. A forged e-mail can be recognized, but this requires a technically competent specialist: one has to check the headers, the service information, and the server and IP address from which the message arrived.
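The manual header check described above, as an added example (not code from the original article): it compares the From: domain with the envelope domain and reads the receiving server's Authentication-Results verdicts and the connecting IP. The sample message, its hosts and addresses are constructed, and the `suspicious` rule is an illustrative heuristic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (all hosts, addresses and IPs are made up).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.mailer.example.net (mx.mailer.example.net [203.0.113.7])
\tby mx.receiver.example with ESMTP; Fri, 22 Apr 2016 11:12:35 +0300
Authentication-Results: mx.receiver.example;
\tspf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none;
\tdmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
To: user@receiver.example
Subject: Invoice

Body text.
"""


def domain_of(header_value):
    """Extract the lower-cased domain from an address header ('' if absent)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def inspect(raw):
    """Summarize the headers an analyst checks when a From: looks forged."""
    msg = message_from_string(raw)
    # Verdicts recorded by the receiving server, e.g. spf=pass, dmarc=fail.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                              msg.get("Authentication-Results", "")))
    # The topmost Received header is the one added by the recipient's server.
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", msg.get("Received", ""))
    report = {
        "from_domain": domain_of(msg["From"]),
        "envelope_domain": domain_of(msg["Return-Path"]),
        "source_ip": ip.group(1) if ip else None,
        "results": results,
    }
    # SPF can pass for the envelope domain while From: names another domain.
    report["suspicious"] = (report["from_domain"] != report["envelope_domain"]
                            and results.get("dmarc") != "pass")
    return report


if __name__ == "__main__":
    print(inspect(SAMPLE))
```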

Fraud with e-mail

Main article: Fraud with e-mail (business email compromise, invoice fraud)

Business email compromise (also known as invoice fraud) is a fraud in which the criminal poses as a seller or business partner and convinces a company representative to transfer a large sum to an offshore account as "payment" for services that were never rendered. The fraudster usually studies the interaction between the two partners and the payment methods they use carefully. The fraudster then breaks into the mailbox of one of the partners, or convincingly forges corporate e-mail, to send an invoice or a bank transfer request for the services supposedly rendered.

2013

In February 2013 Mail.Ru Mail became the first mail service on the Runet to support the DMARC standard. This makes it possible to determine more precisely which messages are sent by real people and organizations and which by spammers and phishers.

Domain owners can control what Mail.Ru Mail does with forged messages (i.e. those in which an attacker disguises the source address as one of theirs). Messages recognized as forged can be let through, sent to the Spam folder, or not accepted by the mail server at all. For example, an authorized sender can specify that 100% of such forged messages should be treated as spam, in which case the attacks simply become pointless.

Mail.Ru Mail is improving how the service interacts with Internet companies that communicate with their audience by e-mail. Earlier, the Mail.Ru Postmaster service for companies sending large volumes of mail was launched, and the service then began offering a subscription to FBL. All these steps are aimed at improving interaction between senders and recipients and removing phishers and spammers from that chain.

One method of protection against attackers is the use of DKIM digital signatures, which confirm that a message really was sent from the specified domain. Only senders whose messages are signed with DKIM can view statistics on their messages through the Postmaster service. "By the time Postmaster launched in the fall of 2011, only 15% of the messages arriving for Mail.Ru users were signed with DKIM. In a year and a half of the service's operation, about 15 thousand domains were registered in Postmaster, and the share of messages with DKIM increased to 80%. Now all senders using DKIM can also configure DMARC, which will make filtering of forged messages more effective," notes Anikin Denis, technical director of Mail.Ru Mail.

2016

From May 18, 2016, Mail.Ru Mail enables a strict DMARC policy for all main free-mail domains. This step will increase the accuracy with which messages sent by real people and organizations are separated from those of spammers and attackers.

Previously, a strict DMARC policy was enabled only for Mail.Ru Group's corporate domains (for example, @corp.mail.ru), since they are the ones phishers forge most often. It now also applies to the domain mail.ua. The strict DMARC policy is planned to start for the domain bk.ru on April 25, and on May 18 it will be extended to all free mailbox domains (list.ru, inbox.ru and mail.ru). In the Mail interface, messages that are not yet covered by the strict DMARC policy but may be affected by it in the future are currently marked with a notice that the source address may have been forged.

Phased implementation of the standard, with advance warnings about possible address forgery, ensures that legitimate senders who specify the sender incorrectly will have time to adapt to the stricter rules and carry out the required reconfiguration.
