Email providers can stop spoof emails impersonating them from reaching their customer’s inbox or junk/bulk folder by enabling DMARC, says Venkata Satish Guttula.
Illustration: Dominic Xavier/Rediff.com.
It is more than a month since any of us travelled by air. But we can still remember how the security officer stopped us at the gate to check our tickets/boarding passes and compared it with our identification documents.
The security officer matches our name on the ticket/boarding pass with our identification documents like driving licence or passport. He allowed us in if the details matched or stopped us from going inside if the details did not match.
Now take the case of emails. Even though the email provider knows that the incoming email is a spoof email, they still allow it. This email is delivered either in the inbox or in the bulk/junk folder.
In the current COVID-19 situation, the number of spoof emails sent has increased substantially. Many people are falling victim and are losing their previous earnings.
Losses due to compromise of the email system or user are high -- according to a 2016 report from the FBI, the amount lost to CEO Email Scams is approximately $2.3 billion. The email is the most common vector in over 90% cyber-attacks across the world.
But why are email providers delivering this spoof email and not rejecting it, like what airport the security officer does?
Because there is no such rule written for emails.
Email spoofing is a method where the sender makes it appear that the message originated from someone or somewhere reliable and not from the actual source. It is a popular method used in phishing and spam campaigns because unsuspecting people will open the emails thinking that it has come from a known or reliable source.
Email providers can stop spoof emails impersonating them from reaching their customer’s inbox or junk/bulk folder by enabling DMARC.
What is DMARC?
To fight email spoofing, a group of leading organisations came together to collaborate on a method to combat email spoofing at internet-scale.
The founding contributors included:
Receivers: AOL, Comcast, Gmail, Hotmail, Netease, Yahoo! Mail.
Senders: American Greetings, Bank of America, Facebook, Fidelity, JPMorgan Chase & Co., LinkedIn, PayPal
Intermediaries & Vendors: Agari, Cloudmark, ReturnPath, Trusted Domain Project
The primary mission was two-fold:
1. Enable senders to publish easily discoverable policies on unauthenticated email
2. Enable receivers to provide authentication reporting to senders so that they can improve and monitor their authentication infrastructure
The common goal for the group was to develop an operational specification, with the desire that it would be able to achieve formal standards status. The result was the creation of an email authentication protocol -- domain-based message authentication, reporting, and conformance, commonly referred to as DMARC.
The Protocols, Explained
The authentication protocols enable the elimination of email spoofing and the integrity of the email, and its sender is established. To achieve this, DMARC and the following components should be configured.
DMARC builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor the protection of the domain from fraudulent email.
Domain Keys Identified Mail (DKIM) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorised by the owner of that domain. This is done by giving the email a digital signature.
Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain. With SPF, an organisation can publish authorised mail servers.