Return Path Helps Global Shipping Giant Block 12 Million Suspicious Messages Over 30 days
Implementing a DMARC (Domain-based Message Authentication, Reporting & Conformance) record is a great first step for any brand who wants to protect their brand and customers against email fraud.
It’s the best way to ensure that legitimate email coming from owned domains is properly authenticating against established DKIM and SPF standards, and that fraudulent activity appearing to come from domains under the organization’s control is blocked.
But DMARC alone isn’t enough. This story from a leading global shipping and logistics Return Path client reveals why.
The challenge: Fighting attacks from “cousin” domains
This company was no stranger to email security. The shipping and logistics industry is one of the most highly targeted by email fraud, so, even before working with Return Path, they implemented a robust email security plan, including a DMARC reject policy for all major domains.
But it wasn’t enough. The company soon discovered that their biggest threat actually came from fraudulent emails containing attachments that originated from “cousin” domains, or domains the brand didn’t own.
Since DMARC doesn’t address attacks from cousin domains, forwarded emails from customers were the only way to identify live attacks. Sorting through these reports was a very manual and dangerously slow process. The company knew they needed help.
The solution: Improving fraud detection and mitigating attacks
Improving DMARC coverage: The first thing Return Path helped this client with was improving their DMARC coverage and visibility, cleaning up a number of problem domains, and implementing a more efficient and standardized reporting process for DMARC data with a flexible and cloud-based user interface.
Mitigating attacks in real time: To quickly digest the high volume of potentially fraudulent messages flagged by customers, Return Path created daily reports to show reported abuse trends, including subject lines and URLs.
In addition, Return Path analyzed 7 billion emails daily to look for suspicious URLs and spoofing attacks from cousin domains targeting the brand, notifying their takedown vendor in real time to deactivate malicious websites before they could do significant harm.
Keeping the team informed: Return Path’s unmatched services team continues to work closely with this global organization to help them make sense of the huge data set, keeping them up-to-date on the latest trends, DMARC policies, cousin domains, and potential new threat vectors through standing review meetings.
- In a 30-day period, more than 12 million suspicious messages from 49 domains were blocked thanks to DMARC.
- Return Path identified and sent between 400,000 and 500,000 potentially malicious URLs to the company’s takedown vendor.
- The company now has true visibility into cousin domain trends, allowing them to protect their customers and their brand outside of DMARC.
- The company agreed to share their abuse feed, offering a higher degree of collaboration and insight from the Return Path team.
Want to hear more customer success stories from Return Path? Click here.
About Brian Westnedge
Brian is Senior Director of Client Services for Email Fraud Protection at Return Path, where his team supports our customers with strategy and implementation to keep malicious mail out of the inbox while protecting legitimate mail. He has been with Return Path for 12 years and has spent a majority of that time fighting email fraud and abuse and advocating on behalf of brands and consumers around the world. Connect with Brian @bwestnedge on Twitter.