

THE ROOT GROUP NEWSLETTER
July 2020
Phishing 101 – SPF, DKIM, DMARC
Phishing has become one of the biggest security threats to the modern network, and the attacks are growing more sophisticated every week. Preventing successful phishing attacks requires a multi-pronged approach, and SPF, DKIM and DMARC are some of the tools that you should be using.
SPF lets you inform the rest of the internet about the IP addresses that are allowed to send mail from your domain. It also works in the other direction. Your antispam system can read the SPF records of outside senders and judge whether the incoming mail is legitimate. SPF usually operates using the SMTP envelope’s “Mail From:” domain.
DKIM allows you to apply a digital signature to your outgoing messages, so that the recipient will know if they have been modified in transit. If someone sends you a message that is signed, and the signature is valid, then you know that the message and all of its signed headers are unchanged. You also know that the signer has control of the domain indicated in the signature (which is not necessarily the From: domain).
DMARC ties together SPF and DKIM by allowing the sending organization to specify the relationship of SPF and DKIM to the domain in the From: header. In its strictest mode, DMARC requires that the From: header domain be the same as the (valid) SPF domain, and that the DKIM signing domain also match the From: header of the message.
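The alignment check described above, as an added example that is not part of the original newsletter. It follows RFC 7489, under which a message passes DMARC when at least one of SPF or DKIM both passes and aligns with the From: domain. The domains are constructed placeholders, the function names are hypothetical, and treating the last two labels as the organizational domain is a simplifying assumption (real evaluators use the Public Suffix List).

```python
# Added example: DMARC identifier alignment (RFC 7489), not from the newsletter.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict, applying RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r"}  # relaxed alignment is the default
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC policy record")
    return tags

def org_domain(domain):
    # Simplifying assumption: organizational domain = last two labels.
    # Production code must use the Public Suffix List (e.g. for .co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares org domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(record, from_domain, spf_pass, mail_from_domain, dkim_pass, dkim_d):
    """Return (dmarc_passed, disposition) for one message."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(mail_from_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain, tags["adkim"])
    passed = spf_ok or dkim_ok  # one aligned, passing mechanism is enough
    return passed, "none" if passed else tags["p"]

# Constructed sample data (example.com and esp.example.net are placeholders).
STRICT = "v=DMARC1; p=reject; adkim=s; aspf=s"
RELAXED = "v=DMARC1; p=quarantine"

if __name__ == "__main__":
    # Mail sent through a third party: SPF passes for the provider's domain,
    # DKIM is signed with a subdomain of the From: domain.
    args = ("example.com", True, "bounce.esp.example.net", True, "mail.example.com")
    print("strict :", evaluate(STRICT, *args))   # (False, 'reject')
    print("relaxed:", evaluate(RELAXED, *args))  # (True, 'none')
```

The same message fails under strict alignment and passes under relaxed alignment, which is why every legitimate sending service should be inventoried before tightening `adkim`/`aspf` or moving `p` to `reject`.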
These technologies are important in combating outright spoofs of legitimate domains, but they can’t stop someone from sending a message with a display name that matches your CEO’s name, or a From: domain that looks very similar to a legitimate one but is slightly different. Those scenarios require vigilance on the part of the users. Many organizations now place a warning banner on all messages from the outside, which can help users recognize fakes that are made to look like they’re from a coworker, but are actually from an outsider. Additionally, some spam filtering solutions now offer advanced algorithms, such as detecting familiar language asking for a favor in a message from someone that the user has never received mail from – a likely indicator of a phishing attempt.
Regulatory Compliance Meets Best Practices
As more and more of your customers and partners require you to meet IT regulatory compliance standards such as PCI, SOC 2, ISO, NIST, HIPAA, etc., you should take the opportunity to use a “kill two birds with one stone” approach and not only meet those compliance requirements, but also incorporate design constructs that generate a security best-practices framework. Design and build for your compliance future and improve your overall security readiness. We can help you develop the baseline security best practices that will help you attain these goals. We can help identify the critical processes and tools that fit your business and industry regulations and also give you tips on how to manage expectations when working with legal departments and executives. We will be hosting a webinar along with American Cyber Security Management on Thursday, July 23 to discuss this in greater detail. Be on the lookout for the invite!