How to Protect Your Brand from Scary Risks Posed by New Domains
There are over 100 million domains ending in “.com.” But now, thanks to a new generic top-level domain (gTLD) program, there are many more options. Companies can replace .com with domain extensions that are more consistent with their industry, like .bank, .realty, or .shop. Some companies have gone one step further and bought their own top-level domain (TLD). For example, Barclays recently announced that they will transition their web sites over time to .Barclays and .Barclaycard to create a more trusted environment.
So far, the internet community has largely endorsed the program it’s even been touted as “The Next Marketing Frontier.” But brands aren’t the only ones benefiting from the internet’s new real estate. Cybercriminals are leveraging new domains to promote illegitimate campaigns.
According to a study by Kaspersky Lab, email traffic in Q1 2015 saw a considerable increase in spam coming from new domains. Spammers registered new domains to send fraudulent messages, hack existing sites to place spam pages, or redirect users to spam sites.
Without visibility into who is sending fraudulent emails on behalf of domains you own, it’s impossible to proactively fight attacks like these before it’s too late. Just one email attack can result in huge costs for brands and customers.
The solution? DMARC.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the best weapon brands have to protect their reputation and customers from email attackers attempting to spoof domains owned by the company, including new domains.
For the financial industry, DMARC shouldn’t be an option. And while only 20% of banks have fully implemented DMARC on their existing .com domain, any bank wishing to register for the new .bank TLD is required to implement DMARC.
The DMARC standard instructs mailbox providers like Gmail and Outlook on what to do if a message fails SPF and DKIM authentication. Brands can choose to send suspicious messages to the junk folder, or block them entirely. Mailbox providers then send regular failure reports back to senders, detailing what messages were blocked, and why.
DMARC yields huge results for adopters. As the chart from a US financial services firm below shows, domain-based attacks from the brand dropped to zero soon after they implemented DMARC.
And DMARC not only helps prevent phishing and spoofing emails from reaching customers, it can discourage fraudsters from even attempting to exploit the DMARC-protected brand.