Legal professionals also require email authentication: here’s what you need to know

by DuoCircle

 

Email is one of the most common vehicles for phishing. Whatever your industry or way of working, if your work involves exchanging email (as almost every business does today), you can be a target for phishers.

In 2024, there have been multiple reports of law firms falling victim to email phishing scams. A prominent example involved phishing emails sent in the name of the Semrad Law Firm that threatened recipients with wage garnishment over alleged unpaid debts. The phishing email had several red flags, such as inconsistent amounts to be paid, an unprofessional tone, and a non-existent ‘I AGREE’ button. We don’t know how much money was lost in this incident, but we do know that email authentication makes this kind of attack much harder: a message that puts the firm’s exact domain in the From address fails DMARC unless it comes from a source the firm has authorized. One caveat: a lookalike domain (a misspelled or slightly altered firm name) is not covered by the firm’s own SPF, DKIM, and DMARC records and has to be dealt with separately.

Legal professionals and firms are prime targets because they store and handle highly confidential information. So, let’s see how you can protect your reputation, money, and clients from malicious emails sent in your name.


Ensuring only authorized entities send emails on your behalf

SPF, DKIM, and DMARC are three email authentication protocols that, together, let receiving servers verify that an email claiming to come from your domain was actually sent by a source you or your law firm authorized. Of the three, DKIM additionally lets recipients detect whether the message content was altered in transit.

With SPF, DKIM, and DMARC deployed and kept up to date, you get:

  • A more secure email infrastructure
  • Improved email deliverability
  • Improved conversion rates
  • A better sender reputation for your domain

Now, here is how each of these protocols works to protect the email infrastructure of your law firm:


SPF or Sender Policy Framework

SPF is the foundational protocol against email phishing and spoofing that forges your business domain. It lets you publish, in a DNS TXT record on your domain, which IP addresses and mail servers are allowed to send email using your domain as the envelope sender (the MAIL FROM or Return-Path address). These can be your own mail servers, your email provider, and the third-party vendors that send on your behalf (billing, e-signature, or marketing platforms, for example).

When a receiving server gets an email whose envelope sender is your domain, it looks up your SPF record and checks whether the connecting IP address is on the list. If it is, SPF passes. If it isn’t, the outcome depends on how your record ends: ‘-all’ asks for a hard fail and ‘~all’ for a soft fail, and what the receiver actually does with a failure (spam folder, outright rejection, or nothing) is its own decision. So an SPF pass does not by itself guarantee inbox placement, and an SPF fail does not by itself guarantee rejection. Note also that SPF checks the envelope sender, not the From address the recipient sees; protecting the visible From address is what DMARC adds.

Consider SPF as the guest list of an exclusive event: anyone whose name isn’t on the guest list won’t be allowed in. Like any guest list, it needs maintenance. An SPF record may trigger at most 10 DNS lookups (include, a, mx, and similar mechanisms, counted through nested includes); beyond that limit, receivers treat the record as a permanent error and your legitimate mail stops passing.
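The guest-list check in code, as an added example that is not DuoCircle’s code: a small SPF record parser that decides whether a sending IP is authorized and counts the DNS-lookup mechanisms against the 10-lookup limit. The record, domain names, and IP addresses are constructed for the example; mechanisms that need DNS (include, a, mx, exists, redirect) are only counted, not resolved, so the checker runs offline.

```python
"""Added example (not DuoCircle's code): a minimal offline SPF checker.

Only ip4, ip6 and all are evaluated; DNS-backed terms (a, mx, include,
exists, ptr, redirect) are counted against the RFC 7208 10-lookup limit
but not resolved. Record and addresses below are constructed.
"""
import ipaddress

# Constructed SPF record for a hypothetical law-firm domain.
SAMPLE_SPF = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 include:_spf.example.net -all"

# Terms that cost a DNS lookup (RFC 7208 section 4.6.4).
LOOKUP_TERMS = {"a", "mx", "include", "exists", "ptr", "redirect"}
MAX_LOOKUPS = 10
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split a v=spf1 record into (qualifier, name, argument) triples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is '+'
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if "=" in term:                      # modifier, e.g. redirect=domain
            name, arg = term.split("=", 1)
        elif ":" in term:                    # mechanism with argument
            name, arg = term.split(":", 1)
        else:
            name, arg = term, ""
        parsed.append((qualifier, name.lower(), arg))
    return parsed


def count_lookups(record):
    """Top-level DNS-lookup terms (nested includes would add to this)."""
    return sum(1 for _, name, _ in parse_spf(record) if name in LOOKUP_TERMS)


def too_many_lookups(record):
    """True when the record already exceeds the limit at the top level."""
    return count_lookups(record) > MAX_LOOKUPS


def check_ip(record, sender_ip):
    """Return pass/fail/softfail/neutral for sender_ip, or 'unknown' when
    the decision hinges on a DNS-backed term this offline checker cannot
    resolve. Terms are tried left to right; the first match wins."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, arg in parse_spf(record):
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        elif name == "all":
            return RESULTS[qualifier]
        elif name in LOOKUP_TERMS:
            return "unknown"
    return "neutral"                         # no 'all': RFC default result


if __name__ == "__main__":
    for addr in ("203.0.113.7", "2001:db8:1::1", "198.51.100.1"):
        print(addr, "->", check_ip(SAMPLE_SPF, addr))
    print("lookup terms:", count_lookups(SAMPLE_SPF))
```

The `unknown` result for 198.51.100.1 is the honest answer: whether that IP is authorized depends on what `_spf.example.net` expands to, which a real receiver resolves (and counts) at evaluation time.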


DKIM or DomainKeys Identified Mail

DKIM is a method for verifying email authenticity and integrity. The sending server adds a DKIM-Signature header to each email: a digital signature, made with the domain’s private key, that covers a hash of the message body plus selected headers (such as From, Subject, and Date). The receiving provider looks up the matching public key in the sender’s DNS (a TXT record at selector._domainkey.yourdomain, where the selector is named in the signature), checks the signature, and recomputes the body hash. If either check fails, the message was altered after it was signed, or was never signed by that domain at all.

To understand this better, think of a half-heart locket for couples. If the two halves of the locket don’t combine to make a perfect full heart, then it’s a problem. 
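How the body hash catches a message altered in transit, as an added example that is not DuoCircle’s code. A DKIM signer puts bh= (the base64 SHA-256 of the canonicalized body) into the DKIM-Signature header; the verifier recomputes it over the body it received. The signature itself (the b= tag) requires the private key and an RSA or Ed25519 library, so it is left out here; the example covers only the integrity check. The message, domain, and selector are constructed.

```python
"""Added example (not DuoCircle's code): the DKIM body-hash (bh=) check.

Uses 'simple' body canonicalization from RFC 6376 section 3.4.3. The
message, domain and selector are constructed; the b= signature is omitted.
"""
import base64
import hashlib


def canonicalize_body_simple(body):
    """'simple' canonicalization: CRLF line endings, drop every trailing
    empty line, end with exactly one CRLF (an empty body becomes CRLF)."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n"


def body_hash(body):
    """The bh= value a signer would place in the DKIM-Signature header."""
    canonical = canonicalize_body_simple(body).encode("utf-8")
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode("ascii")


def dkim_tag(header_value, tag):
    """Pull one tag (for example 'bh' or 'd') out of a DKIM-Signature value."""
    for part in header_value.split(";"):
        part = part.strip()
        if part.startswith(tag + "="):
            return part[len(tag) + 1:].replace(" ", "")
    return None


def body_matches_signature(header_value, received_body):
    """True if the received body still hashes to the signer's bh= value."""
    return dkim_tag(header_value, "bh") == body_hash(received_body)


# Constructed message: the signer computes bh over the original body ...
ORIGINAL_BODY = (
    "Please find the settlement statement attached.\r\n\r\n"
    "Regards,\r\nPartner\r\n"
)
SIGNER_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=mylegaldomain.com; s=mail2024; "
    "h=from:to:subject:date; bh=" + body_hash(ORIGINAL_BODY) + "; b=<signature omitted>"
)
# ... and a body rewritten in transit no longer matches that hash.
TAMPERED_BODY = ORIGINAL_BODY.replace("settlement statement", "new wire instructions")


if __name__ == "__main__":
    print("original matches:", body_matches_signature(SIGNER_HEADER, ORIGINAL_BODY))
    print("tampered matches:", body_matches_signature(SIGNER_HEADER, TAMPERED_BODY))
```

Because bh= is one of the values covered by the b= signature, an attacker cannot simply recompute it after editing the body; doing so would require the domain’s private key.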


DMARC or Domain-based Message Authentication, Reporting, and Conformance

DMARC builds on SPF and DKIM to give domain owners a way to tell receiving mailboxes what to do with unauthorized emails that use their domain in the From address. Domain owners publish a DMARC policy in their DNS records (a TXT record at _dmarc.yourdomain), specifying how to handle emails that fail DMARC, that is, emails for which neither SPF nor DKIM both passed and aligned with the From domain. They can choose to monitor, quarantine, or reject these emails.


When an email is received, the receiving server runs the SPF and DKIM checks. DMARC then checks alignment: the domain that passed SPF (the envelope sender domain) or DKIM (the d= domain in the signature) must match the domain in the visible ‘From’ address, either exactly or at the organizational-domain level, depending on the alignment mode you publish. The email passes DMARC if at least one of the two checks both passes and aligns. Otherwise the chosen policy is applied, and the outcome is summarized in the reports sent to the domain owner.


Get started with DMARC for your law firm’s email infrastructure

Use an online DMARC generator tool, or write the record by hand; either way, it is published as a DNS TXT record at _dmarc.yourdomain (for example, _dmarc.mylegaldomain.com). Generally, you will have to provide the following basic pieces of information:

  • Domain name: The domain you want to protect (for example, mylegaldomain.com)
  • Policy: The action you want a recipient’s mailbox to take with emails that fail DMARC. Choose one of the following:
    • p=none: No action; just monitor. Start here, so the reports show you every legitimate sender before anything is blocked.
    • p=quarantine: Failing emails are sent to the spam folder.
    • p=reject: Failing emails are blocked outright.


  • rua: Optional but strongly recommended. A mailto: address where you want to receive aggregate reports, which give an overview of every source sending as your domain and the SPF, DKIM, and DMARC results for each.
  • ruf: Also optional; a mailto: address for failure (forensic) reports on individual emails that failed DMARC. Many large mailbox providers do not send these at all, so treat them as a bonus rather than something to rely on.
  • sp: The policy for emails sent from your subdomains. It’s optional; if you leave it out, subdomains inherit the main p= policy. Set it explicitly if you send from subdomains, or if you want to lock down subdomains that should never send email.
  • aspf and adkim: These tags specify how strictly the SPF and DKIM domains must align with your From domain. The values are ‘r’ (relaxed: the organizational domain must match, so mail.mylegaldomain.com aligns with mylegaldomain.com) or ‘s’ (strict: an exact match is required). Both default to relaxed.
  • pct: The percentage of failing messages the policy applies to, from 1 to 100. Messages outside the sample get the next weaker policy (reject falls back to quarantine, quarantine to none), so pct is only meaningful with quarantine or reject. Setting it to 50, for instance, applies your policy to half of the failing messages, which is helpful for gradual rollout.


Here’s a basic example of a DMARC record:

v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@mylegaldomain.com; pct=70; sp=quarantine; adkim=s; aspf=r;

Here, the ‘v’ value is the DMARC version. There is currently only one, so the value is always ‘DMARC1’, and it must be the first tag in the record. This record sends 70% of failing messages to spam and leaves the other 30% as monitor-only, applies the same quarantine policy to subdomains, requires an exact DKIM domain match, and accepts a relaxed SPF match. Once the aggregate reports show only legitimate senders failing nothing, the usual next steps are pct=100 and then p=reject.
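The alignment and policy logic described above, applied to this record, as an added example that is not DuoCircle’s code. It parses a DMARC record with the RFC 7489 defaults filled in, decides whether a message passes (at least one of SPF or DKIM passed and aligned with the From domain), and then works out the disposition, including the pct fallback and the subdomain policy. The organizational-domain rule is simplified to ‘last two labels’ (real receivers use the Public Suffix List), and the domains and results are constructed.

```python
"""Added example (not DuoCircle's code): DMARC record parsing and
evaluation as a receiver would do it.

Assumptions: org_domain() uses the last two labels instead of the Public
Suffix List; in_sample stands in for the receiver's random pct sampling.
Record and message data are constructed.
"""

EXAMPLE_RECORD = (
    "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@mylegaldomain.com; "
    "pct=70; sp=quarantine; adkim=s; aspf=r;"
)

VALID_POLICIES = ("none", "quarantine", "reject")
# Policy applied to failing messages that fall outside the pct sample.
WEAKER = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(record):
    """Return the record's tags as a dict with RFC 7489 defaults filled in."""
    if not record.strip().lower().startswith("v=dmarc1"):
        raise ValueError("v=DMARC1 must be the first tag")
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            name, _, value = part.partition("=")
            tags[name.strip().lower()] = value.strip()
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError("p= is required and must be none, quarantine or reject")
    if tags.get("sp", "") not in VALID_POLICIES:
        tags["sp"] = tags["p"]               # subdomains inherit p when sp is absent
    tags.setdefault("adkim", "r")            # both alignment modes default to relaxed
    tags.setdefault("aspf", "r")
    tags["pct"] = int(tags.get("pct", "100"))
    return tags


def org_domain(domain):
    """Organizational domain, simplified to the last two labels (assumption)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') an org-domain match."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_pass(policy, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """True if at least one check both passed and aligned with the From domain.
    spf_domain is the envelope sender domain SPF was evaluated on;
    dkim_domain is the d= of a DKIM signature that verified."""
    spf_ok = spf_pass and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, policy["adkim"])
    return bool(spf_ok or dkim_ok)


def disposition(policy, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain,
                in_sample=True):
    """'pass', or the action to apply: 'none', 'quarantine' or 'reject'."""
    if dmarc_pass(policy, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
        return "pass"
    is_subdomain = from_domain.lower() != org_domain(from_domain)
    requested = policy["sp"] if is_subdomain else policy["p"]
    if policy["pct"] < 100 and not in_sample:
        return WEAKER[requested]             # outside the sample: one step weaker
    return requested


if __name__ == "__main__":
    pol = parse_dmarc(EXAMPLE_RECORD)
    # Spoofed mail: SPF passes for the attacker's own envelope domain but does
    # not align with the From domain, so DMARC fails and the policy applies.
    print(disposition(pol, "mylegaldomain.com", True, "attacker.example", False, None))
    # Legitimate mail signed with d=mylegaldomain.com passes under strict DKIM.
    print(disposition(pol, "mylegaldomain.com", False, None, True, "mylegaldomain.com"))
```

The spoofing case is the one to study: the attacker’s server can pass SPF for its own domain all day, but with DMARC in place that pass does not count unless it aligns with the firm’s From domain.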


Final words

It is increasingly common for threat actors to impersonate reputable legal organizations or individuals and send emails in their name. Targets are more likely to open such emails because of the claimed sender’s credibility, and the more valuable the target and the information, the more sophisticated these scams get.

We at DuoCircle can help you avoid becoming the next target of email phishing and spoofing. Reach out to us for email authentication services for legal professionals and stay secure. Our experts will be your warriors.
