
Digital Seattle's Newsletter

Digital Seattle has been serving the Seattle area since 1996, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Most Popular Domains Make the Biggest Targets for Email Spoofing

Let’s say that you receive an email from a software vendor, say, Microsoft. When you are contacted by a major company like this, do you automatically assume that it’s secure, or are you skeptical that it’s a scam? Ordinarily, it might not seem like a big issue, but all it takes is one click on an infected attachment or malicious link to infect your business’s infrastructure.

According to a Swedish cybersecurity firm called Detectify, there are major online domains that are at risk of email spoofing due to misconfigured server settings. Email spoofing is the act of sending a message, while masking the true email address that it comes from. This allows hackers to forge the sender address to suit their needs. Generally speaking, email messages don’t have automatic authentication built into them. This is something that must be configured on the server side of things.

Thankfully, there are ways to properly configure your email server, but unless you’re a hardcore techie, you run the risk of either configuring the system incorrectly or changing settings that may compromise your security. Even so, it’s important to understand how the solutions that prevent email spoofing work. Here’s a breakdown of the details:

  • Sender Policy Framework (SPF): This is a record that’s checked alongside the DNS (Domain Name System) record, in order to decide whether or not the server is allowed to send email using the specific domain. SPF uses three identifiers for its messages: softfail (accept the message, but mark it as spam), hardfail (reject the message entirely), and neutral (do nothing and let the message through unhindered).
  • DomainKeys Identified Mail (DKIM): DKIM hashes the body and the header of the email separately, and creates a private key that gets sent with the message. Once the message is received, the key will perform a DNS request to see where the email originated. If everything adds up properly, the message is received.
  • Domain-based Message Authentication Reporting and Conformance (DMARC): DMARC is considered the ideal solution, as it makes use of both SPF and DKIM to identify an email. DMARC’s functions split into three: reject (a full rejection, and the end-user never sees the message), quarantine (the message is stored for your review), and none (allow the message through). The idea is to either identify messages as fraudulent, or provide the system administrators with the ability to review them and make the decision themselves.

You might be wondering why we’re even bringing this up, and it’s because Detectify discovered that, out of the top 500 sites on the Internet, 276 of them can be spoofed. Detectify considers servers that don’t have SPF or DMARC configured correctly to be vulnerable to email spoofing - this includes using no SPF at all, using SPF with softfail only, and using DMARC with action none. Therefore, you need to take measures to ensure that your team knows how best to identify spoofed email domains, and phishing messages in general. If you don’t, you could be placing your business in harm’s way. On top of that, you’ll want to make sure your email server is configured to not allow your email domain to get spoofed.
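The conditions listed above can be checked against a domain's published records. The following is an added example, not code from Detectify or Digital Seattle: it takes TXT record strings you have already looked up (it makes no DNS queries), the domains and records in `SAMPLES` are constructed, and flagging a missing DMARC record is an assumption that goes beyond the three conditions the paragraph names.

```python
def spf_all_qualifier(txt_records):
    """Qualifier of the SPF 'all' mechanism: '-', '~', '?', '+', or None if no SPF record."""
    for rec in txt_records:
        terms = rec.split()
        if not terms or terms[0].lower() != "v=spf1":
            continue  # some other TXT record, not SPF
        for term in terms[1:]:
            t = term.lower()
            if t.lstrip("+-~?") == "all":
                return t[0] if t[0] in "+-~?" else "+"  # bare "all" means "+all"
        return "?"  # no "all" term: treated as neutral; include/redirect are not followed
    return None

def dmarc_policy(txt_records):
    """Value of the DMARC p= tag ('none', 'quarantine', 'reject'), or None if no record."""
    for rec in txt_records:
        tags = {}
        for part in rec.split(";"):
            key, sep, value = part.partition("=")
            if sep:
                tags[key.strip().lower()] = value.strip().lower()
        if tags.get("v") == "dmarc1":
            return tags.get("p", "none")  # assumption: a record without p= is treated as none
    return None

def weak_settings(spf_txt, dmarc_txt):
    """List the weak SPF/DMARC settings found in the given TXT records."""
    findings = []
    qualifier = spf_all_qualifier(spf_txt)
    if qualifier is None:
        findings.append("no SPF record")
    elif qualifier == "~":
        findings.append("SPF softfail only")
    policy = dmarc_policy(dmarc_txt)
    if policy is None:
        findings.append("no DMARC record")  # assumption, not in the article's list
    elif policy == "none":
        findings.append("DMARC policy none")
    return findings

SAMPLES = {  # constructed records: (TXT at the domain, TXT at _dmarc.<domain>)
    "strict.example": (["v=spf1 include:_spf.mail.example -all"], ["v=DMARC1; p=reject"]),
    "soft.example": (["v=spf1 ip4:192.0.2.10 ~all"], ["v=DMARC1; p=none"]),
    "bare.example": (["site-verification=constructed"], []),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLES.items():
        print(domain, weak_settings(spf, dmarc) or "no weak settings found")
```

To use it on your own domain, paste in the TXT records returned for the domain and for its `_dmarc` subdomain.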

The best way to keep your employees from falling into this trap is by ensuring that you’ve educated them on security best practices, and to limit their exposure to such threats in the first place. This includes taking the time to explain to them how phishing threats and other security discrepancies behave, as well as implementing solutions to keep suspicious messages out of your inbox in the first place.

Your business needs to consider security a top priority, and only Digital Seattle can help. Reach out to us at (206) 709-9556.

 
