Data Privacy and Security

Protecting Customers and Safeguarding Brand Reputation in the Era of the Cybercriminal

Looking through the security incidents of the past year, anyone can see that nearly every breach or incident has some form of email exploit in common. From the infamous Target breach, to Heartbleed, to Cryptolocker, cybercriminals leverage email as the attack vector before, during and after these attacks to steal credentials, infect machines or get enough information to continue the next steps of their malicious campaign.


And it’s getting worse. Because the amount of money that can be made with these exploits is enormous – hundreds of millions of dollars – the ranks of email criminals continue to swell. These hackers use many tricks, but one of their favorites is to take advantage of design flaws in the basic architecture of the internet to send email from what looks like a legitimate domain, usually a “.com” return address that seems identical to those used by reputable businesses.


The bad news is that “spoofing” these domains is relatively easy to do. The good news, though, is that the technology exists to close that technical loophole, and in doing so completely shut down this avenue of attack on innocent web users.


This technology is called DMARC (Domain-based Message Authentication, Reporting and Conformance), and it’s fundamentally changing the equation so that in the future email will not be the shortcut to criminal success. When DMARC is implemented by the brands that send email, a virtual “handshake” of sorts is instantly initiated with the email receivers that deliver email, the vast majority of whom already support DMARC. With DMARC turned on, if an email arrives from a domain owned by your bank, you can be sure your bank actually sent it. Faked emails are rejected by the email receivers before they even reach the inbox.


DMARC adoption started to take off in 2012, and is rapidly being implemented by brand-conscious companies who are determined to secure their most frequently used communication channel. Despite adoption by market leaders in industries like financial services, e-commerce, B2B software and healthcare, there are still many companies who have yet to implement DMARC standards.


Outlined below are four benefits of implementing DMARC – for your company and your users.


Reduce Risks: By and large, companies are reporting that cyberattacks are the biggest risk they face. By preventing hackers from sending emails that pretend to be from registered domains, DMARC reduces the risks associated with fraudulent email. One study showed that by implementing DMARC, some brands have cut email abuse by more than 50%. Risks to the business from a cyberattack can be significant: the consequences of the largest breaches have ranged from a loss in shareholder value to calls for change in the C-Suite, not to mention the everyday business impacts, which are ongoing operational losses such as increased customer service calls and account takeovers.

Protect Identities: According to the 2014 Verizon Data Breach Investigations Report, there were 1,367 breaches in 2013, affecting over 15 industries and countless companies’ reputations. One of the reasons for this epidemic is that private information is extremely valuable, to more than just consumers. For example, there are numerous shadowy hacker websites where personal information, such as credit card data, can easily be bought and sold. Identity theft is a big business, and DMARC should be the foundation of any company's effort to fight back.

Visibility & Control: DMARC is the only email technology that gives complete visibility into who is sending email on your behalf, at internet scale. Many companies are surprised to learn exactly how many domains and sub-domains, both within their organization and at their authorized third-party senders, are delivering customer messages. What's more, DMARC gives companies the ability to control what happens when a fraudulent email is sent. This security control did not exist before DMARC, and it allows companies to prevent malicious mail from ever reaching a consumer’s inbox.

Strengthen Brand Trust: The trust and confidence of consumers is arguably the most important asset a company can have. The fallout and flagrant brand abuse following a security breach, in which users' information is stolen and then sold, severely damages that trust, and can jeopardize the sorts of customer relationships that have been carefully nurtured over many years. DMARC acts as a bulwark against that threat; email recipients can know with confidence that the emails they are receiving from a company's registered domain are legitimate messages from one of their trusted brands.
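
The receiver-side decision and per-sender visibility described above, sketched as an added example (not code from the article or from Agari): it parses a DMARC record, checks that a passing SPF or DKIM result aligns with the From: domain, and tallies outcomes per sending IP. The domains, IP addresses and message fields are constructed, and the two-label organizational-domain shortcut is a simplifying assumption.

```python
# Added example: simplified receiver-side DMARC check (after RFC 7489).
from collections import Counter

def parse_dmarc(txt):
    """Parse a _dmarc TXT record into a tag dict; reject anything that is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags

def org_domain(domain):
    # ASSUMPTION: last two labels; real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def disposition(policy, msg):
    """'pass' if SPF or DKIM passed AND aligns with the From: domain, else the policy."""
    spf_ok = msg["spf"] == "pass" and aligned(msg["spf_domain"], msg["from"], policy.get("aspf", "r"))
    dkim_ok = msg["dkim"] == "pass" and aligned(msg["dkim_domain"], msg["from"], policy.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

def report(policy, messages):
    """Tally (source IP, disposition): the per-sender view a domain owner gets from reports."""
    return Counter((m["ip"], disposition(policy, m)) for m in messages)

# Constructed sample data: example.* are placeholder domains, IPs are documentation ranges.
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"
MESSAGES = [
    # The brand's own server: SPF and DKIM both pass and align.
    {"ip": "192.0.2.10", "from": "example.com", "spf": "pass", "spf_domain": "example.com",
     "dkim": "pass", "dkim_domain": "example.com"},
    # Authorized third-party sender: SPF is for its own domain, DKIM is signed as example.com.
    {"ip": "198.51.100.7", "from": "example.com", "spf": "pass", "spf_domain": "mailer.example.net",
     "dkim": "pass", "dkim_domain": "example.com"},
    # Spoofed From: SPF passes only for an unrelated domain, so nothing aligns.
    {"ip": "203.0.113.66", "from": "example.com", "spf": "pass", "spf_domain": "example.org",
     "dkim": "none", "dkim_domain": ""},
]

if __name__ == "__main__":
    for (ip, result), count in sorted(report(parse_dmarc(RECORD), MESSAGES).items()):
        print(ip, result, count)
```

The third message shows why alignment matters: SPF alone passes, but for a domain unrelated to the one in the From: header, so the published policy applies.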


Patrick Peterson is CEO and Founder of Agari

