Implementing a DMARC (Domain-based Message Authentication, Reporting & Conformance) record is a great first step for any brand who wants to protect their brand and customers against email fraud.
It’s the best way to ensure that legitimate email coming from owned domains is properly authenticating against established DKIM and SPF standards, and that fraudulent activity appearing to come from domains under the organization’s control is blocked.
But DMARC alone isn’t enough. This story from a leading global shipping and logistics Return Path client reveals why.
The challenge: Fighting attacks from “cousin” domains
This company was no stranger to email security. The shipping and logistics industry is one of the most highly targeted by email fraud, so, even before working with Return Path, they implemented a robust email security plan, including a DMARC reject policy for all major domains.
But it wasn’t enough. The company soon discovered that their biggest threat actually came from fraudulent emails containing attachments that originated from “cousin” domains, or domains the brand didn’t own.
Since DMARC doesn’t address attacks from cousin domains, forwarded emails from customers were the only way to identify live attacks. Sorting through these reports was a very manual and dangerously slow process. The company knew they needed help.
The solution: Improving fraud detection and mitigating attacks
Improving DMARC coverage: The first thing Return Path helped this client with was improving their DMARC coverage and visibility, cleaning up a number of problem domains, and implementing a more efficient and standardized reporting process for DMARC data with a flexible and cloud-based user interface.
Mitigating attacks in real time: To quickly digest the high volume of potentially fraudulent messages flagged by customers, Return Path created daily reports to show reported abuse trends, including subject lines and URLs.
In addition, Return Path analyzed 7 billion emails daily to look for suspicious URLs and spoofing attacks from cousin domains targeting the brand, notifying their takedown vendor in real time to deactivate malicious websites before they could do significant harm.
Keeping the team informed: Return Path’s unmatched services team continues to work closely with this global organization to help them make sense of the huge data set, keeping them up-to-date on the latest trends, DMARC policies, cousin domains, and potential new threat vectors through standing review meetings.
Want to hear more customer success stories from Return Path? Click here.