Have you recently been the target of a phishing attack? Phishing is a fraud attempt in which a criminal tries to obtain personal information, such as the usernames and passwords used to access services, or to get the victim to take an action such as sending money or paying for services supposedly provided. Phishing can take many forms, including social engineering, but for the purpose of this article we restrict the explanation to email as the medium for initiating attacks. In this context, attackers forge messages sent to victims so that they appear to come from a trusted person or organization.
To protect our customers we have implemented every technically possible measure to inform mail servers around the world who is authorized to send messages on behalf of our customers.
However, because spoofed messages are forged on third-party systems (the criminal's) and delivered to other third-party systems (your customers' and vendors'), the effectiveness of anti-phishing measures also depends on the quality of the mail servers your customers and vendors use. It is the systems receiving the messages with a forged origin that are responsible for identifying and filtering them, using the information published by Sooma.
By default we implement SPF (Sender Policy Framework), which tells all mail servers which systems are authorized to send messages on behalf of our clients. We take this opportunity to state that any system not explicitly authorized should immediately be treated as abusive and its messages as forged.
In addition, we have implemented two further measures to protect against phishing attacks.
DKIM (DomainKeys Identified Mail), in which we use cryptographic signatures so that third-party mail servers receiving messages that claim to come from one of our customers can verify the authenticity of those messages.
And DMARC (Domain-based Message Authentication, Reporting & Conformance), which builds on SPF and DKIM so that mail servers receiving malicious messages forged to look like they came from our customers know what we recommend be done with them (e.g. rejecting them and automatically alerting the affected customer).
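The receiving-side decision described in the three paragraphs above, as an added example that is not part of this notice: a simplified SPF evaluation of the connecting IP against the published record, followed by applying the DMARC policy when neither SPF nor DKIM passes. The records and the domain example.com are constructed samples, and mechanisms needing further DNS lookups (a, mx, include) are left out.

```python
import ipaddress

# Constructed sample records for the hypothetical domain example.com; a real
# receiver fetches these as DNS TXT records (example.com and _dmarc.example.com).
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.25 -all"
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

# SPF qualifier prefixes and the result each yields when its mechanism matches.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record, sender_ip):
    """Evaluate ip4/ip6 mechanisms and the trailing 'all' for the connecting IP.

    Returns 'pass', 'fail', 'softfail' or 'neutral'.
    """
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = "+"                       # a mechanism defaults to "+" (pass)
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name in ("ip4", "ip6"):
            # A bare address such as ip4:198.51.100.25 becomes a /32 network;
            # an address of the other IP version never matches.
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIER_RESULT[qualifier]
        elif name == "all":
            return QUALIFIER_RESULT[qualifier]
    return "neutral"                          # nothing matched and no 'all' term


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict, e.g. {'v': 'DMARC1', 'p': 'reject'}."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip()] = value.strip()
    return tags


def dmarc_disposition(spf_result, dkim_result, dmarc_record):
    """Apply the domain owner's policy when neither SPF nor DKIM passes.

    Assumes both identifiers were already checked for alignment with the From:
    domain; the DKIM result is an input because signature verification is out of scope.
    """
    if spf_result == "pass" or dkim_result == "pass":
        return "deliver"
    policy = parse_dmarc(dmarc_record).get("p", "none")
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}.get(policy, "deliver")
```

A message from an unlisted address therefore fails SPF, and with p=reject an unsigned copy is rejected outright, while the rua address in the record is where aggregate reports about such attempts are sent.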
Do you want the additional anti-phishing measures DKIM and DMARC implemented on the domains supporting your email service? Implementing these additional protection measures carries no commercial cost.
Please contact us whenever you need support or have a question.