Protecting Your Brand from Phishing: Using DMARC to identify, quarantine and block phishing emails.

Over the past two weeks you have been provided a lot of information about how to authenticate your email streams and create a DMARC record. Ultimately, it should be a goal for any organization that relies on email as a revenue center to block suspected fraudulent messages from being received by subscribers. However, it is important not to rush in to blocking suspected fraudulent messages until you have identified the scope of the problem, are confident that your outbound mail is authenticated with SPF and DKIM and have a properly configured DMARC DNS text record.

Step 1: Identify and monitor suspected fraudulent messages

Before you start blocking suspected fraudulent messages, you need to gain visibility in to all of your company’s outbound mail streams. In your DMARC record within DNS, set the ‘p=’ tag to “none” and use Return Path’s Email Brand Monitor to identify suspected phishing and spoofing activity. This instructs mailbox providers NOT to take action if the DMARC check fails. It also allows you to receive reports about suspected phishing activity using your domain.

Step 2: Quarantine suspected fraudulent messages

While you gain confidence and experience that all of your outbound mail streams are authenticating properly, take the next step and set the DMARC DNS record ‘p=’ tag to “quarantine”. Mailbox providers may treat this instruction to automatically send suspected fraudulent messages to the spam folder or it may cause a “suspected phishing” message to be displayed to the subscriber and advise the subscriber to use caution when opening the message.

During this time, diligently check your reports within the Secure.EQ solution user interface. With the ability to receive DMARC reports, our solutions analyze the aggregate reports and present back detailed intelligence on suspicious messages and authentication failures. Our anti-phishing solutions have integrated support for DMARC, helping you to quickly and easily take advantage of the benefits.

Step 3: Block phishing and spoofing messages

Once you are confident that your system is authenticating all outbound mail streams with no errors, set the DMARC DNS record ‘p=’ tag to “reject” and place your domains on Return Path’s Domain Protect Registry. This instructs the mailbox providers to block suspected fraudulent messages. The first two steps are critical before changing your DNS record to “reject”.  If you haven’t identified that you have suspected fraudulent messages and started receiving and monitoring quarantined messages then you could be at risk of instructing ISPs to block your own messages.

Spoofing and phishing is increasingly a big problem for companies worldwide so continue to arm yourself with the information and the tools your business needs to protect your valuable subscribers from phishing attacks. All mailbox providers including Gmail, Yahoo!, AOL and Microsoft take phishing attacks very seriously. Phishing attacks not only harm your brand’s image but can also lead to mailbox providers and subscribers perceiving your legitimate messages as a phishing attack or spam.