Are you still waiting for DMARC enforcement? Perhaps your DMARC system is not cloud-ready. - PowerPoint PPT Presentation

About This Presentation
Title:

Are you still waiting for DMARC enforcement? Perhaps your DMARC system is not cloud-ready.

Description:

Many companies are increasingly aware of the threat posed by phishing attempts that spoof the sender's identity. To defend oneself from email spoofing, almost one million domain owners have begun to deploy DMARC email authentication. – PowerPoint PPT presentation

Number of Views:8
Slides: 7
Provided by: rawatnimisha
Category:

less

Transcript and Presenter's Notes

Title: Are you still waiting for DMARC enforcement? Perhaps your DMARC system is not cloud-ready.


1
Are you still waiting for DMARC enforcement?
Perhaps your DMARC system is not cloud-ready.
  • Many companies are increasingly aware of the
    threat posed by phishing attempts that spoof the
    sender's identity. To defend oneself from email
    spoofing, almost one million domain owners have
    begun to deploy DMARC email authentication.

2
  • Setting up a DMARC policy that truly protects you
    is a totally different issue. Before you can
    implement DMARC, you must first understand the
    entire scope of your email ecosystem. Which cloud
    services are sending email on behalf of your
    domain, and which attackers may be utilizing your
    email to launch phishing attacks. Then you must
    take action, blocking the malicious actors and
    ensuring that lawful services are properly
    approved.
  • However, cloud services can occasionally
    obstruct this process by making it difficult to
    know which services are sending emails on your
    behalf. This is one of the reasons why DMARC
    enforcement might be more difficult than it
    appears.

3
Email Visibility Matters
  • To get things done properly, email authentication
    has always necessitated meticulous planning.
    However, doing so was less risky prior to the
    migration of business software and on-premises
    mail exchanges to cloud platforms.
  • Today, many SaaS services employ email to
    increase engagement, conversion, and retention,
    as well as to offer notifications and updates.
    You may, of course, arrange for them to send
    emails from your domain, making it appear as
    though the emails are originating from your
    organization rather than cloudprovider.com.
  • Only around 2 of the hundreds of cloud apps in
    the market (now much more than 100) are
    well-known and frequently utilized, accounting
    for 90 to 98 of the email traffic sent by a
    typical organization. However, there are
    thousands of different services available, each
    with its own set of SPF and/or DKIM setting
    requirements.
  • Many DMARC solutions can identify and assist you
    in configuring the top 2 of cloud services. But
    what about the remaining 98? How do you track
    them down?

4
DMARC Reports Analysis
  • DMARC aggregate reports are massive XML data
    dumps that use IP addresses to identify
    transmitting services. To get the most out of
    these reports, you'd have to figure out which
    cloud services the addresses correspond to at the
    time the report was performed.
  • You'll then need to ensure that your SPF record
    includes the services you wish to allow, without
    exceeding the 10 DNS lookup limit or resorting to
    risky tactics like SPF flattening (basically,
    listing all those IP addresses numerically
    instead of referring to the service with a domain
    name).
  • Assume you wish to DMARC-enforce a very big
    domain, such as a state government domain or a
    major retail domain with hundreds of subdomains,
    each with its own administrator and a separate
    set of cloud services that use that subdomain to
    send an email. You must now resolve the cloud
    visibility issue for each of those subdomains, as
    well as deal with SPF and DKIM setup for each of
    those apps in each subdomain.
  • It's no surprise, therefore, that the total
    DMARC enforcement rate for major firms is so
    lowaround 30 for most industries.

5
The Right Way Out
  • To solve the cloud visibility problem
    definitively, you must be able to identify every
    cloud service by name. Instead of parsing through
    XML DMARC reports and mapping IP addresses to
    cloud services, its much easier if you can
    actually see what cloud services your domain
    uses, by name.
  • Once you have that visibility, its easier to
    create an optimal SPF record, set up DKIM, and
    apply a DMARC policy across your entire domain
    and all of its subdomains. Ideally, youd also
    want to enable role-based access control for each
    subdomain, so each of those administrators can
    manage their own subdomain.

6
  • Imagine never having to touch DNS again. And
    imagine automating all the steps needed to
    validate the legitimate email serviceschecking
    SPF records, validating DKIM encryption keys for
    each service, and making the necessary updates to
    DMARC records in DNS.
  • Thats the promise of EmailAuth, which is used
    today by some of the worlds biggest enterprises
    to gain DMARC report visibility and get to DMARC
    enforcement.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Are you still waiting for DMARC enforcement? Perhaps your DMARC system is not cloud-ready." is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!