Ask the Compliance Experts: Is there advice to follow if your company is being spoofed?

AskComplianceExpert2022tip6

In 2021, Webbula launched a video series, 'Ask the Email Experts' where we sat down with email industry experts to discuss various topics within the email marketing world. 

Webbula would like to introduce our new series. 'Ask the Compliance Experts'. A series that brings awareness to compliance and security within the email industry utilizing top deliverability and compliance experts.

Subscribe to our newsletter to keep up with new each month.  

Are you a compliance expert and want your voice to be heard in the series? Let us know! 

Yanna-Torry Aspraki

Alice Spencers

Sergey Syerkin



 

 

yann-torry-authentication

Yanna-Torry Aspraki

Deliverability Specialist and CRO of EmailConsul

linkedin

 

If you think your domains or sub domains are being spoofed the first thing to do is authenticate your domain. Implement SPF and DKIM with all the tools you use to send emails. This includes your marketing emails, transactional ones, and the ones coming from your business inbox. This means anything that sends emails with your domains. Absolutely everything. Then you implement DMARC with a policy of none and wait for the DMARC reports to come in and slowly push it towards a policy of reject. You can use tools Like RedSift in order to manage and see your DMARC reports in an easy manner, or you can download them and use this really handy tool to make it easier to read courtesy of dmarcian.

When you are receiving DMARC reports you will be able to see if any unauthenticated emails are being sent using your domains. Sometimes you might realize you are the one spoofing your own domains as you didn’t authenticate a particular tool with SPF and/or DKIM. Other times you will realize someone else is sending emails with your domain. When this happens, you can take the IP it was sent from, check the WHOIS in order to see who owns it, and then send an email explaining the situation to the abused email address that you find in the WHOIS. They will be able to take it from there and communicate back with you how things are going. By implementing DMARC, you are essentially protecting your email from being spoofed by disallowing any emails that haven't been sent by you to be allowed into inboxes.

 

 

 

alicespencer

Alice Spencer

Senior Manager, Deliverability Services at Ometria

linkedin

 

Not all spoofing can be prevented or acted upon once it has happened. However, it is important to make sure you are doing all that you can to make it hard for spoofers to use your brand. Email spoofing is a common threat so it is especially important to protect your email domains:

  • Make sure you know what domains your business is using to send from, not just for marketing but all departments. Don't forget about 3rd party systems used to send on your behalf.
  • Make sure all sending domains are correctly authenticated with SPF and DKIM.
  • Look to implement DMARC at least to a quarantine level on all sending domains. Depending on how many domains you need to protect this can be a big task, so invest in a DMARC platform or consultant to help you.
  • Implement BIMI so that legitimate emails show your logo in BIMI-ready inboxes.
  • Don't forget to lock down parked domains - these are non-sending domains, often lookalike domains, that companies own to prevent misuse. Just because you own them doesn't mean someone won't try and use them. Make sure these domains have authentication that prevents use including an SPF record sent to use-all, and a DMARC record set to reject.

If you are being spoofed then you need to make sure you have processes in place to take action once it is reported:

  • If your staff members are receiving spoofed messages, discuss with your IT administrators to improve your security and ensure staff is trained to recognize spoofed messages.
  • Ensuring your customer service and support teams know whom to contact internally if a customer reports spoofing using your brand or content to you.
  • Work with a takedown vendor to ensure any fraudulent websites associated with the spoof are shut down asap.

 

Is your Data Quality failing you?

Does your data look like this? 

Data Quality-02

But you want it to look like this?

Data Quality-03

Learn how Webbula can help improve your data quality today.

 

 

sergey

Sergey Serkin

Founder & CPO of EmailConsul, Email Deliverability and Anti-Abuse Evangelist

linkedin

Email spoofing is the act of sending emails with a forged sender address. Simply put, a tool for a phishing attack to steal some info, funds, accounts, etc. Also, it is used a lot by spammers trying to avoid spam filters by pretending someone else.

In reality, it is not possible to fully stop email spoofing simply because of the nature of how SMTP works, which doesn't require a specific authentication and at some point is the technology's vulnerability. However, there are some steps that you can take to minimize the impact. Most of the mailbox providers, unfortunately not all of them, use some additional checks to reduce spoofing, such as:

The Sender Policy Framework (SPF) is an email-authentication technique that is used to prevent spammers from sending messages on behalf of your domain.

Domain Keys Identified Mail (DKIM) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain.

Domain-based Message Authentication, Reporting, & Conformance (DMARC) is a protocol that uses SPF and DKIM to determine the authenticity of an email message.

An ordinary email user can protect themselves from most spoofing attacks by being cautious and smartly investigating the email headers and checking for the SPF, DKIM, and DMARC as well as for the website of a sender to make sure it is a legitimate company, and not someone pretending to be someone else.

If you enjoyed this post, be sure to look for future posts in this video series by signing up for our weekly newsletter!

 

Verify, Protect and Grow Your Database