Email spoofing has become commonplace. Hackers are creating fake emails and messages, targeting the unsuspecting public, your customers, or even your own users, for financial and other malicious gains.
This is because email lacks the ability to verify the authenticity of all received mails. Fraudsters have taken full advantage of this fundamental flaw.
There are three email security standards today (and other initiatives) that help in the reduction of sender fraud: SPF, DKIM, and DMARC. Yet a quick look at the top 30 companies in Malaysia shows that, as at the writing of this piece, none of them have implemented these standards in a robust manner.
Implementing these 3 standards will help in the following ways:
- Prevent enterprise spear phishing, and other attack variants such as CEO email fraud
- Detect misconfigurations of the underlying SPF and DKIM settings
- Inventory all email senders using the valid email domain
Here’s a quick introduction to these standards: