Using DMARC to Protect Your Custom Domain’s Reputation
I’m going off-topic from color grading to focus on a specific business vulnerability that effected Mixing Light. DON’T WORRY. Mixing Light wasn’t hacked. We weren’t caught in a phishing attack. No member information was comprimised in any way.
Rather, someone started sending out emails pretending to be from @MixingLight.com.
We never saw any of these emails. They weren’t targeting any of our members. We didn’t get a single complaint. Almost all the emails were centered in Eastern Europe. For all we know, some script kiddie was sending out spam emails selling cheap light bulbs (and then not shipping them). But because anyone can set up an email server to use ANY From address and because some spammer decided to start using the Mixing Light domain, we needed to take action. One danger of not taking action is that, over time, our domain starts getting blacklisted and our emails stop making it into our client and vendor inboxes. That could eventually cause the entire domain to be banned in search engines. But there’s a bigger danger. It’s the danger to your clients.
Protecting your domain IS protecting your clients!
The media industry IS a target, especially for spear-phishing attacks. Targeted email attacks like spear-phishing rely on the email receipient clicking on a fraudulent email that they think is legitimate! One way phishers achieve their goal is to impersonate a service or human that their target interacts with. If your company is doing work for a director, producer, or network they are trying to infiltrate, they may try to impersonate you in an email. The phisher can try sending to their target (who is your client) emails using YOUR email address in the FROM field hoping to get your clients (or friends) to click on a link that comprimises their computer.
Here’s the rub: It is trivially easy to fake a From address. This Insight will teach you how to stop that kind of trivially easy (but potentially deadly) impersonation from happening – and protect, your name, your business and your brand.
But if the spammer hadn’t hacked any of Mixing Light’s accounts and we didn’t get any complaints, how did we know they were using the Mixing Light domain in emails?
Great question! I’m glad you asked. In fact, answering that question is what this Insight is about. If you run your own custom domain for your business then you need to know how to monitor your domain and prevent this from happening to you. By the time you finish reading this Insight, you’ll be able to execute on a proactive campaign to protect your company and your clients.
This Insight is both an article and a video
The main content in this Insight is written out as an article. The article lays out the problem we’re solving, the email DMARC verification system you can use to protect your digital identity, and a step-by-step overview on executing the DMARC verification system. At the end of this Insight is a video that assumes you’ve read the article. It shows you the tools I use to monitor our domain, plus a few free tools you can use before you get started to see if you already have DMARC implemented.
What does this email ‘domain spoofing’ problem look like?
Before we get into how we discovered our domain was being used by spammers (especially since they weren’t targeting us or our clients) let’s take a look at how this problem manifests itself, left uncontrolled. Below is a chart for most of the month of July 2019 showing our reported email volume by our email monitoring service (click to enlarge):