Imagine that you’re going through a usual day at the office, then a panicked call comes in from one of your customers. Their office received multiple phishing emails from your company email address and they think one employee may have clicked on a link and infected their system with malware.
You immediately have your IT support professional check to see if your email accounts have been hacked, but all looks fine and there is no sign of any phishing being sent. Upon further inspection, it’s found that the phishing attack did not come from your company at all, but the attacker did use your company’s email address in the “From” line, fooling your customer into thinking it was from you.
This type of scenario happens all too often and is called “email spoofing.” It’s when a legitimate company’s email domain (i.e. @goodcompany.com) is used as a decoy in the “From” area of an email message, but the message is actually sent from another email address (i.e. [email protected]).
Email spoofing causes multiple problems for businesses, including:
In 2-year study of email spoofing, it was found that 99% got through secure email gateways.
Approximately 73.5% of all email spoofing uses an exact sender name impersonation in the “From” line. Historically, email spoofing has been a weak spot in network security for email server gateways.
But because it’s become so prevalent as a way to get users to trust a fake phishing email, and because email is main cause of data breaches, email providers have been increasing their detection of and safeguards against email spoofing.
An example of this is Microsoft. They recently added new anti-spoofing safeguards in Microsoft Office 365 to help combat this tactic, which can ruin company reputations and lead to data breach incidents.
If you’ve noticed your legitimate emails getting blocked recently or if you haven’t been able to get a customer’s email as usual, the new email-spoofing protections may be the reason.
If your email server is not set up correctly, then when you send email from a third-party cloud app (like Mail Chimp), it could be seen as email spoofing and routed to a junk or quarantine folder.
This is easily remedied by properly setting up email authentication protocols on your mail server that are designed to confirm your email is actually from you. By employing these authentications, you can also help stop hackers from spoofing your email address and protect your reputation.
Microsoft has added the following features in Exchange Online Protection (EOP) to help protect users from phishing and email spoofing.
Implicit email authentication uses three protocols that work in concert to confirm the authenticity of an email and to let the incoming email server know if it’s passed authentication tests.
These protocols do three important things:
Here is a rundown of each protocol. They are all designed to work together, like three legs of a stool.
The SPF protocol confirms to the receiving mail server that the IP address of the sending mail server is allowed to send mail for your domain.
During the SPF setup process, you’ll include the IP addresses for any cloud services (like Mail Chimp, Zendesk, etc.) that you use for sending email, so they’re not mistakenly identified as spoofing.
This step in the authentication process lets the receiving mail server know that the email sender and other important details have not been altered.
DKIM uses two authentication keys, one that remains on your email server and one embedded with the message. The incoming server checks and matches these upon receipt.
This final step confirms to the receiving mail server whether or not both SPF and DKIM have authenticated properly.
Next, DMARC lets the mail server what to do with the message if it hasn’t passed (i.e. block or send to junk folder).
It also can include instructions to report back to your mail server all emails that have passed or failed authentication. This allows you to be alerted if an unauthorized sender is trying to spoof your email domain.
Haxxess can help your business set up email authentication in Microsoft 365 or another mail program to safeguard your email and your reputation.
Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.