Email authentication is not new however the concept can be a little difficult to understand. Especially given the necessity for domain owners to implement the newest of the three authentication protocols,
DMARC the the anti-SPOOF solution.
Let’s start with some key concepts.
KEY CONCEPT 1:
The Google’s and Microsoft’s of the world do not want the SPAM and SPOOF plague to continue. Already there has been a 10% drop in SPAM due a number of things but mostly due to the anti-SPOOF (DMARC) adoption. The US Government has mandated and implemented the solution and others are following.
This means that a cascade effect will take place. You see the protocol is designed to allow receivers of email to filter or reject unauthenticated email. This protects recipients from SPOOF Phishing attacks and business email compromise attacks.
In reverse it helps the domain owner better control the sources of email that use the domain and requests the receiving servers to act in accordance with the instructions given via a DNS entry.
So once an organisation is compliant then it is logical they expect organisations they do business with do the same. Otherwise you can simply reject unauthenticated email.
KEY CONCEPT 2:
When you send a letter via the post – you put your details of the recipient on the front and often the details of whom the letter is from on the back or inside the envelope. You put the letter in the postbox and Australia Post, Royal Mail or US Mail (whoever) picks up the letter and starts the process of delivering it.
When the letter is finally received by the targeted recipient, how can they actually know for certain that the letter is from the person or organisation that sent it? They can not, there maybe tell tail such as recognizably handwriting, but you actually don’t know unless it was registered post. If it is registered post you then have some sort of recourse and expect honesty from he postal system,
Well it have been the same with email, until now.
Zulu eDM is the postman and you are a sender of email. The big difference is the receiving “postmaster” for the majority of cases the big web mail providers
(Yahoo,Microsoft, AOL, Gmail etc) and now Governments are insisting on knowing who the actual sender of the email is.
Instead of using registered post we call it email authentication. When an email is authenticated using the new anti-SPOOF DMARC protocol, we can guarantee which domain is actually was responsible for that email.
That guarantee will then allow the industry to decide if you are a good or bad sender and if your domain should be blocked or allowed to reach the inbox.
The net effect will mean that SPAM, SPOOF and PHISHING email can be more easily recognized and then blocked or shutdown and/or have the authorities deal with it.
KEY CONCEPT 3:
2013 was quite sometime ago, approximately when we first learnt of “the winter is coming” story line on the Game of Thrones.
When we first took up the DMARC project and realized far reaches it will have, SPAM volumes had reached 95% of all email.
Since 2016 SPAM volumes have decreased by about 10% Now that the US Government has gone live (October 15, 201`8) and our data shows more DMARC adoption than ever before we are expecting to see a flurry of SPAM and attacks for remaining domains before the numbers start to drop again.
On the flip side, if organizations (or domain owners) do not adopt this standard then they will get less and less email through to target recipients not matter what type of email.
DMARC / anti-SPOOF authentication has arrived and you must comply to prevent email interruptions.
Here are some tools to analyze your domain and find out more information.