Spammers are using your domain in phishing attacks!
The battle against spam and email scams is never-ending; currently, attackers are using your domain to launch spear phishing attacks.
Let's imagine this scenario:
What will your customer do if he finds a new email from your email address (mohamed@abc.com), delivered to his Inbox (not Spam/Junk), with a body containing malicious links or malicious attachments?
Your customer may have good knowledge of phishing techniques, but if he sees that the email arrived in his inbox and came from your email address, he will trust it, follow the links or download the malicious files!
Yes, the attacker can use your domain to send emails to anyone from your email address; this will damage your reputation and will compromise your customers' data as well.
Unfortunately, I found this vulnerability in a lot of security consultancy companies and big organizations. Let's see how you can protect your domain's reputation and improve your email deliverability.
System admins and IT security admins are advised to configure SPF, DKIM and a DMARC policy on their domain to prevent spammers from carrying out fraud or hacking activities.
SPF: By using SPF (Sender Policy Framework), receiving mail servers can check that the email originated from a server that has permission to send on your behalf. If the message originates from a server that is not on your list, the receiving server can consider it a fake and treat it accordingly.
An important aspect to understand about SPF is that it does not validate the From domain shown in the email header. Instead, SPF looks at the Return-Path (envelope sender) domain to validate the originating server.
DKIM: This configuration makes sure that messages were not altered in transit between the sending and receiving servers. It uses public-key cryptography to sign each email with a private key as it leaves the sending server. Receiving servers can then use the public key published in the domain's DNS to verify the source of the message and that the signed parts of the message have not changed in transit. Once the signature created with the private key is verified with the public key by the receiving server, the message passes DKIM and is considered authentic.
DMARC: This configuration ensures that emails which fail both SPF and DKIM get blocked before you even see them in your inbox. In addition, DMARC gives you visibility and reports about who is sending email on behalf of your domain, ensuring that only legitimate email is received.
Simply put, it is a policy stating what the receiving mail server should do if the incoming email fails both SPF and DKIM: you can reject it, quarantine it, or do nothing (none).
--
Enjoy protection!
Update
I received some messages from my connections asking why setting SPF only will not cover the issue.
Why SPF is not enough
A lot of domains only use SPF with softfail and have not implemented DMARC. Many believe that just using SPF is enough, with the intended action configured to 'accept but mark'. The problem is that softfail is in reality as good as nothing with some email providers, e.g. Gmail: there is no marking or special treatment of these emails, at least none visible to the end user.
The same applies to using SPF with softfail and implementing DMARC with the action 'none'.
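As an added example (not code from the original post), here is a small Python checker that applies the advice above to SPF and DMARC TXT records: it extracts the qualifier on SPF's terminating `all` mechanism and the DMARC `p` policy, and flags the softfail and p=none combinations discussed in the update. The records and the domain example.com are constructed samples; a real check would first fetch the domain's TXT records from DNS.

```python
"""Assess SPF and DMARC TXT records for the weak settings discussed above.

Added example, not from the original post. The records below are constructed
samples for an assumed domain (example.com); no DNS lookup is performed.
"""
import re
from typing import Optional

# Constructed sample TXT records.
SPF_SOFTFAIL = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all"
SPF_HARDFAIL = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
DMARC_NONE = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"


def spf_all_qualifier(record: str) -> Optional[str]:
    """Return the qualifier on the terminating 'all' term: '+', '-', '~' or '?'.
    Returns None if the record is not SPF or has no 'all' term at all."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            return m.group(1) or "+"  # a missing qualifier means '+' (pass)
    return None


def dmarc_policy(record: str) -> Optional[str]:
    """Return the DMARC 'p' tag value (none/quarantine/reject), or None."""
    tags = {}
    for kv in record.split(";"):
        if "=" in kv:
            key, value = kv.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags.get("p", "").lower() or None


def assess(spf_record: str, dmarc_record: Optional[str]) -> list:
    """Flag the configurations the post warns about; empty list means OK."""
    findings = []
    q = spf_all_qualifier(spf_record)
    if q in (None, "+", "?"):
        findings.append("SPF: no restrictive 'all' term; any server may send as the domain")
    elif q == "~":
        findings.append("SPF: softfail (~all); many receivers deliver this mail as normal")
    p = dmarc_policy(dmarc_record) if dmarc_record else None
    if p is None:
        findings.append("DMARC: no policy published; SPF/DKIM failures are not enforced")
    elif p == "none":
        findings.append("DMARC: p=none only reports; failing mail is still delivered")
    return findings
```

`assess(SPF_HARDFAIL, DMARC_REJECT)` returns no findings, while the softfail plus p=none pair from the update produces two.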
Ref.
http://blog.endpoint.com/2014/04/spf-dkim-and-dmarc-brief-explanation.html