If you take an email security awareness training class, you’ll learn a dozen ways to spot phishing email. There are a lot of clues. Maybe the email contains poor spelling or grammar. Or maybe it contains an offer that’s just too good to be true. All of those are giveaways. But there is one clue that’s a more reliable predictor of a phishing email than any other one: the “from” address. If you truly know who the email is from, you’ll know whether or not it’s legitimate.
The challenge is that hackers spend all their time trying to camouflage the from address so you think it’s from somebody it isn’t. And they are really good at it.
To counteract this email obfuscation, the industry has responded with three technologies that make it harder for hackers to hide the from address. The three technologies are SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance). You might think these three technologies would make hackers pack up their bags and go home, but you’d be wrong, because as things turn out, these technologies aren’t foolproof.
According to an article on Dark Reading, “Researchers have discovered 18 different ways of fooling the triumvirate of email technologies—SPF, DKIM, and DMARC—for a subset of email services, including Gmail, and clients, including Microsoft Outlook. While the three technologies should ensure the FROM header of an email cannot be spoofed—for example, stating that the email comes from firstname.lastname@example.org when, in fact, an attacker has sent it from their own mail server—[it] undermines the authentication that the three technologies are designed to provide.”
So, what’s the problem? As it turns out, the three technologies were built as standalone components and nobody bothered to check if they work well together. “At a high level, this is a general problem, which is that we build complex systems these days out of components that we get from different parties, and those parties can have inconsistencies in really minor ways that turn out to have security implications.”
This inability to work well together causes problems for everyone. “Every email provider — including Google’s Gmail.com, Apple’s iCloud.com, Microsoft’s Outlook.com, and Yahoo.com — had at least one issue that resulted in mismatched authentication.”
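To make the “mismatched authentication” point concrete, here is an added example (not code from the original post, DuoCircle, or the Dark Reading article) of the DMARC alignment logic that ties SPF and DKIM back to the “from” address. It assumes the SPF and DKIM results are supplied as the domain each mechanism authenticated (no DNS lookups), approximates the organizational domain as the last two labels instead of using the Public Suffix List, and uses constructed sample messages. The edge case it handles is the one the quoted research is about: when the components cannot agree on a single “from” domain, the checker reports a failure instead of letting one component guess.

```python
"""DMARC-style identifier alignment check (added example, standard library only).

Assumptions, labelled as such: SPF/DKIM results arrive as already-verified
domains; org_domain() is a two-label shortcut for the real Public Suffix List.
"""
from email.parser import BytesParser
from email.utils import parseaddr
from typing import Optional


def org_domain(domain: str) -> str:
    """Approximate the DMARC 'organizational domain' as the last two labels
    (assumption; real implementations consult the Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(header_domain: str, auth_domain: str, mode: str = "r") -> bool:
    """DMARC alignment: strict ('s') requires an exact match; relaxed ('r')
    accepts any domain sharing the same organizational domain."""
    if not header_domain or not auth_domain:
        return False
    if mode == "s":
        return header_domain.lower() == auth_domain.lower()
    return org_domain(header_domain) == org_domain(auth_domain)


def from_domain(raw: bytes) -> Optional[str]:
    """Return the single RFC5322.From domain, or None when the header is
    missing, duplicated or unparseable. RFC 7489 treats a message with more
    than one From header as invalid for DMARC, so refusing to pick one is the
    safe answer: a downstream component that did pick one could be fooled."""
    msg = BytesParser().parsebytes(raw)  # compat32 policy: headers as plain str
    froms = msg.get_all("From") or []
    if len(froms) != 1:
        return None
    _, addr = parseaddr(froms[0])
    if addr.count("@") != 1:
        return None
    return addr.rsplit("@", 1)[1]


def dmarc_result(raw: bytes, spf_domain: Optional[str], dkim_domain: Optional[str],
                 aspf: str = "r", adkim: str = "r") -> str:
    """'pass' only if the From domain is unambiguous AND at least one of SPF or
    DKIM authenticated a domain aligned with it; otherwise 'fail'."""
    hd = from_domain(raw)
    if hd is None:
        return "fail"  # ambiguous From header: never let a single component guess
    if spf_domain and aligned(hd, spf_domain, aspf):
        return "pass"
    if dkim_domain and aligned(hd, dkim_domain, adkim):
        return "pass"
    return "fail"


# Constructed sample messages (not real mail).
LEGIT = b"From: Alice <alice@example.com>\r\nSubject: hi\r\n\r\nbody\r\n"
AMBIGUOUS = (b"From: Alice <alice@example.com>\r\n"
             b"From: bob@attacker.example\r\nSubject: hi\r\n\r\nbody\r\n")


if __name__ == "__main__":
    print("legit, SPF on example.com:     ", dmarc_result(LEGIT, "example.com", None))
    print("legit, SPF on mail.example.com:", dmarc_result(LEGIT, "mail.example.com", None))
    print("legit, strict SPF, subdomain:  ", dmarc_result(LEGIT, "mail.example.com", None, aspf="s"))
    print("legit, only attacker.example:  ", dmarc_result(LEGIT, "attacker.example", "attacker.example"))
    print("two From headers:              ", dmarc_result(AMBIGUOUS, "attacker.example", "attacker.example"))
```

The design choice worth noting is in `from_domain`: the moment the “from” identity is ambiguous, every later decision (SPF alignment, DKIM alignment, the DMARC policy itself) is being made about a header that another parser might read differently, which is exactly the kind of minor inconsistency the quoted research turned into a bypass. Failing closed at that point is what keeps the three mechanisms agreeing on the same question.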
The bad news is, even when you implement all three of these technologies, you’re not really protected from phishing attacks. The good news? You can still protect yourself from phishing attacks with a third, more effective technology: cloud-based Phishing Protection with real-time link scanning from DuoCircle.
Phishing Protection is specifically designed to sniff out malicious “from” addresses. And since it’s cloud based, when it does, it keeps that email out of your inbox completely. If you don’t see it, how can you get phished? You can’t.
Phishing Protection requires no hardware, no software and no maintenance. It sets up in 10 minutes, works with all major email providers and only costs pennies per user per month. If you’ve implemented the three technologies and you’re still feeling a little uneasy, check out Phishing Protection. Try it free for 60 days.