This blog post is part of the Microsoft Intelligence Security Association (MISA) guest blog series. Visit the MISA website for more information on MISA.
Not knowing who is sending emails in your organization for two reasons is a big problem for IT managers.
One problem is “shadow IT” branding services, which employees sign up for without IT oversight. Many of these services send emails – to employees, customers or potential customers – that appear to be from your organization, which could put you at risk for legal and security risks. Identifying and managing these services is a critical step in any cloud migration project.
The second problem is phishing, which plays a role in over 90% of all cyber attacks. For phishers, there is no tool that is more valuable than the ability to emulate as transmitters. These scammers are convinced that there is little that prevents them from cheating in any area they choose in the “from” field of their phishing messages.
Domain-based message verification, reporting and compliance (DMARC) is an important tool to address both of these issues. When an organization places its domains in a quarantine or rejection policy – known as the DMARC app – it gets complete overview and control over all emails that the organization requests. Read the “Best Practices for Implementing DMARC in Office 365” section in the Microsoft article Use Free DMARC service to Validate Emails in Office 365, Learn More About DMARC Policies and Their Relationship to Incoming Emails
Before a company can come up with an enforcement policy, it must identify all the email senders that use its domain. Omitting this important and potentially difficult step can inadvertently block legitimate email resources (like a payroll provider or your CRM tool) simply because it is not specifically authorized.
While the benefits of DMARC are obvious, many organizations have encountered difficulties in implementing this open standard. DMARC recommends receiving mail servers to return composite reports to domain owners so that they can analyze which services are sending email on their behalf. This data is invaluable for cloud migration and anti-phishing projects.
However, it can be difficult to extract actionable information from these reports, which are typically large XML files with long lists of IP addresses. Companies must perform extensive sleuthing work to determine which services match IP addresses and which individuals within their organization are responsible for using the services, which includes updating the DMARC, Sender Policy Framework (SPF) and the corresponding DomainKeys-identified messages. (DKIM) to ensure that the services are properly approved. In addition, each change requires updating the Domain Name System (DNS), which can be a process in itself.
What if you do not have the time and resources to use this long and sometimes tedious technical analysis?
Valimail Monitor for Office 365 can make this part of the DMARC journey much easier. Instead of manually analyzing the huge amount of XML IP address data you get in DMARC reports, Valimail Monitor digests for Office 365 reports compiled from DMARC and makes them an easy-to-read list of named services. In addition, for each of these services, Valimail shows how many messages pass the check and how many fail, and provides aggregate statistics on DMARC checks and errors. This greatly simplifies this critical phase of the DMARC journey.
