Who is using your domain for phishing & spam?
E-mail Authentication
DMARC Compass™
Dan Ingevaldson
CTO
Email is a mission-critical communication channel for most companies.
Over 205 billion emails are sent and received every day (112.5 billion business emails).¹
Email has also become an untrusted channel. Thanks to spam and phishing scams, users are taught to be wary of incoming messages.
59.2%: 2015 Proportion of Spam in Email²
97% of people globally are unable to correctly identify phishing emails³
This lack of trust impacts a company’s ability to effectively communicate, market, and sell to customers via email.
In 2014, email ROI reached 2,500%.⁴
DMARC
• Provides visibility into email flows
• Tells receiving servers to delete spoofed messages immediately upon receipt
• Ensures only legitimate emails are delivered to inboxes
Getting started with DMARC is easy. Any email sender and receiver can use the DMARC rails provided by the global community.
Free use of the rails provides access to the critical, raw reporting data that helps you see who is sending email and who is spoofing your brand.
Monitor: A domain owner can begin using DMARC in "monitor mode" to collect data from participating receivers.
Quarantine: As the data shows that their legitimate traffic is passing authentication checks, they can change their policy to request that failing messages be quarantined.
Reject: As they grow confident that no legitimate messages are being incorrectly quarantined, they can move to a "reject" policy.
Does it work?
“DMARC protects more than 85% of the people who receive and send e-mail from Facebook”
Michael Adkins, Facebook
“Implementing DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday season alone”
Trent Adams, PayPal / eBay, Chair of DMARC.org
The DMARC Standard
DMARC is an IETF Draft Specification that allows email receivers to determine if an email is authentic and what to do if it is not.
DMARC Compass™: a comprehensive tool that provides clear visibility into your e-mail delivery environment
What is needed for Complete Visibility?
Putting DMARC into Context
% of Incidents from DMARC? <20%
[Chart: incidents by source: Hacked Sites, Social Media, Fraudulent Domains, DMARC, Malware/Mobile Apps, Non-spoofed Phish]
Active Monitoring
DMARC on its own is not a complete fraud strategy – but anything that provides some visibility is a win. Make sure that you have other layers in place to protect against these other threats.
Proactive Threat Detection and Takedown
DMARC Compass™
Detect Monitoring Service™
Threat Reduction
Attack Deactivation
Differentiators
• Initiate server takedowns backed by 24/7/365 Security Operations Center
• Full RESTful API to leverage Compass data elsewhere in your stack
• Customized reporting for analytics
• Shares intelligence with the rest of our products
Deployment
• Determine your server policies through Compass Explorer
• Deploy DNS TXT record
• Monitor results in Compass portal
• Authorize, deauthorize servers as they are identified
• Migrate DNS policies for stricter e-mail handling
Learn more: DMARC Compass
Contact us: [email protected]
Sources:
1. http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf
2. https://securelist.com/analysis/quarterly-spam-reports/69932/spam-and-phishing-in-the-first-quarter-of-2015/
3. http://www.information-age.com/technology/security/123459514/think-you-can-spot-scam-97-people-wouldnt-know-phishing-email-if-it-hooked-them
4. http://www.cmo.com/articles/2015/1/6/15_stats_marketing_ROI.html