DMARC

DMARC which stands for Domain-based Message Authentication, Reporting, and Conformance is an email security protocol. When enabled, your email domain is protected from spoofing by hackers.  DMARC sets up an authentication test for recipient mail-relays to test if the email sent from your domain is authentic and legitimate. During these authentication checks, each message is analyzed by the receiving email system to determine whether the message is authentic and from your register mail relays. Failing this authentication test will result in that email message being quarantined or rejected (set in the DNS record). 

DMARC is the gatekeeper we all need to protect our brand and our clients from impersonation attacks coming from our company’s domain name.

Source: MXToolbox

Additional Reading: DMARC Inching It’s Way Onto Australian Govt Domains

Related Terms: DKIM, Phishing

What does this mean for an SMB?

SMBs should have DMARC and DKIM set up (in addition to SPF records) to help prevent malware and phishing attacks from landing in both your employees own inboxes but also those of your clients (if it was spoofing your domain name).
 
Here are some additional steps you can take to improve your defense-in-depth security program and reduce the chances of becoming a victim:

1. Setup SPF, DKIM, and DMARC records to block the receipt of emails masquerading as your domain name.
2. Train your employees on how to spot, avoid, and delete phishing attacks.
3. Test your employees with Phish Testing attacks; re-train those that fail your tests. 
4. Purchase a Password Manager and train your employees on how to use it. If you visit a phishing website and try to enter your password credentials using a Password Manager, you will NOT be able to. 

To learn more about DMARC and DKIM, watch this short video:

https://www.youtube.com/watch?v=qP9ODdimHvM

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Sign Up Today!