Messaging Masters Series
How DMARC is Saving Email
The New Authentication Standard Putting an End to Email Abuse
by Alec Peterson, CTO, Message Systems, and Mike Hillyer, Senior Director, Global Solution Consulting, Message Systems
What's this all about, anyway?

If you're a high-volume sender of email, you already understand the importance of security and deliverability to your email initiatives, or you probably wouldn't be reading this. But how much do you know about the sophistication of today's messaging abuse and its risks to your business? With the pace at which new threats evolve, and new measures are devised to counter these threats, it can be hard to keep up. This look at the current state of email threats and the DMARC specification, the emerging industry standard for email authentication, will get you up to speed on everything you need to know about protecting our messaging streams, including:

- The complex and destructive nature of modern email attacks.
- How the world's leading email receivers and senders are battling back with DMARC.
- Why all email senders need to adopt DMARC, and how easy it is to implement.
- Important business benefits achieved by DMARC adoption.
Digital messaging hinges on trust.

Technology may be what powers our growing network of digital communications, but what actually makes it work as a viable medium for information exchange is trust. We need to believe that the name in the From line of an email is the true sender, and that the content of the message is legitimate. Without that trust, not only is the authenticity of the message in question, but so is the validity of the entire ecosystem. And that leads to some dire consequences for the ability of businesses to communicate electronically. Consumers will be unwilling to engage in commerce or share information online. Interaction between companies and the vendors they rely on will become too risky because of compromised messaging security.
Security: Combating New Threats

Authentication

Unfortunately, from the moment email became widely used for marketing communications, opportunistic scammers have tried to exploit it to seize financial data and personal information. Email industry developers have responded to these ongoing threats by introducing a variety of authentication standards designed to protect brands and their customers. The standards include efforts such as Domain Keys, Identified Internet Mail, Sender ID, ADSP and other methodologies, but for the purposes of the present discussion, we'll focus on the specifications central to DMARC:

- DKIM: DomainKeys Identified Mail
- SPF: Sender Policy Framework
- AFRF: Authentication Failure Reporting Format

Read on for more detailed descriptions of each.

Author Domain Signing Practices (ADSP)

While it hasn't been widely adopted, ADSP is a forerunner to DMARC in that it provides a framework for senders to publish message handling instructions for non-compliant email. From DMARC.org: "ADSP enables domain owners to publish a policy telling compliant receivers to reject messages that fail to verify with DKIM. While ADSP never achieved widespread adoption, it was put into production by a number of senders and receivers at different times."

SOURCE: DMARC Overview, www.dmarc.org, used under Creative Commons license, CC BY 3.0.
DKIM

DomainKeys Identified Mail (DKIM), specified in Internet-Draft, is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message's signature may be verified by any (or all) MTAs (mail servers) during transit and by the Mail User Agent (MUA) upon delivery. A verified signature indicates the message was sent by the sending domain and the message was not altered in transit. A signature that fails verification indicates the message may have been altered during transit or that the sender is fraudulently using the sending domain name. Unsigned messages contain no guarantee about the sending domain or integrity of the message contents.

Service providers may use the success or failure of DKIM signature verification, or the lack of a DKIM signature, to determine subsequent handling of incoming email messages. Possible actions include dropping invalid messages without impact to the final recipient or exposing the results of DKIM verification, or the lack of a signature, directly to the recipient. Additionally, service providers may use signature verification as the basis for persistent reputation profiles to support anti-spam policy systems or to share with other service providers.

It should also be noted that nothing in the DKIM standard requires any alignment between the actual signing domain and the domain in the From header.

The Mathematician Who Shook Google

The latest DKIM standards call for encryption keys of at least 1024 bits. Until recently, many leading senders were still using the far less secure 512-bit or 768-bit encryption. How the transition to the stronger keys came about is an interesting story. A university mathematician named Zach Harris was able to crack the weak 512-bit encryption keys used by Google, and he then benignly impersonated Google founders Sergey Brin and Larry Page via email to alert the search giant to the vulnerability. He got the Internet industry's attention in a big way. Read more on the Message Systems blog or at the Return Path blog.
SPF

Sender Policy Framework (SPF), defined in RFC 4408, is the second emerging standard for sender-based authentication under the DMARC umbrella. SPF provides a framework for administrators, through DNS TXT records, to specify authorized senders for the domains they control. The Sender Policy Framework allows admins to assign a unique SPF record in the DNS to each domain from which emails are sent. This methodology provides a means for receivers to determine whether the sending MTA (mail server) is authorized (or not authorized) to send messages for the domain that the message is from.

It should also be pointed out that the domain being validated is the MAIL FROM or return path domain. Specifically, SPFv1 performs validation on the domain found in the envelope sender (sometimes defined as the MAIL FROM header). SPFv2 (also known as Sender ID) supports MAIL FROM validation, but adds the concept of Purported Responsible Address (PRA), which defines an algorithm for selecting among a set of RFC 2822 headers. The domain for validation is extracted from the appropriate header as defined by the PRA header selection algorithm.
Sender ID

What's the Difference Between SPF and Sender ID?

There is much confusion around SPF and Sender ID. As noted above, the terms SPFv1 and SPFv2 are commonly used to describe the two specifications, but there are critical differences between them, and they are not interchangeable. A detailed description of the various differences can be found on the Open SPF website. Briefly, Sender ID was a protocol advanced by Microsoft that was never widely embraced, though still in use among some senders. The technical distinctions are outlined below.

What is SPF?

SPF (defined in RFC 4408) validates the HELO domain and the MAIL FROM address given as part of the SMTP protocol (RFC 2821, the "envelope" layer). The MAIL FROM address is usually displayed as "Return-Path" if you select the "Show all headers" option in your e-mail client. Domain owners publish records via DNS that describe their policy for which machines are authorized to use their domain in the HELO and MAIL FROM addresses, which are part of the SMTP protocol.

What is Sender ID?

Sender ID (defined in RFC 4406) is a Microsoft protocol derived from SPF (hence the identical syntax), which validates one of the message's address header fields defined by RFC 2822. Which one it validates is selected according to an algorithm called PRA (Purported Responsible Address, RFC 4407). The algorithm aims to select the header field with the e-mail address "responsible" for sending the message. Since it was derived from SPF, Sender ID can also validate the MAIL FROM. But it defines the new PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers MAIL FROM (called MFROM by Sender ID), PRA, or both.

SOURCE: Sender Policy Framework - SPF vs Sender ID, www.openspf.org, dual-licensed under the GNU GPL v2 and the Creative Commons CC BY-SA 2.5.
AFRF and Abuse Reporting

Feedback Loop Reporting has been an important concept in email abuse and spam prevention for many years now. Basically, it provides a common way for email inbox providers to report back to senders when individual users mark incoming messages as spam. The Abuse Report Format (ARF) (see: RFC 5965) has long been the standard, and the Authentication Failure Reporting Format (AFRF) distinction is simply a new report sub-type extension that allows for relaying of forensic details regarding an authentication failure within the DMARC framework.

Authentication Failure Reporting Format (AFRF)

- Supports reporting of SPF and/or DKIM failures
- For SPF, reports the client IP address and the SPF record(s) that were retrieved, producing a "fail" result
- For DKIM, reports the canonicalized header and body that produced a failed signature, allowing forensic analysis by the signer to detect why the failure occurred
- Also supports ADSP reporting of messages that weren't signed but should have been

This will be used by DMARC sites for reporting per-message failure details. An aggregate reporting format is suggested within an appendix of the DMARC specification.

SOURCE: DMARC Overview, www.dmarc.org, used under Creative Commons license, CC BY 3.0.
DMARC

The Whole DMARC: Greater Than the Sum of Its Parts

Although each of these specifications provides assurance about the email sender's identity, each alone has vulnerabilities or limitations around handling and control that hindered widespread adoption. The DKIM standard has been largely embraced for its robustness, but it still left an opportunity for a comprehensive safeguard that would give senders the control to define delivery policies, while enabling receivers to a) determine whether incoming messages align with those policies, and b) act on those findings to report back to the sender on message disposition. In short, combining DKIM with SPF and the more detailed AFRF reporting standards represents the most comprehensive and most promising approach to preventing email abuse that the Internet industry has ever mounted.

1 + 1 + 1 = 1000
DMARC In Action

In practice, DMARC is designed to fit into an organization's existing inbound email authentication process. The way it works is to help email receivers determine if the purported message aligns with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the non-aligned messages. For example, assuming that a receiver deploys SPF and DKIM, plus its own spam filters, the flow may look something like this:

[Figure: DMARC message flow]
SENDER: Author Composes and Sends Email; Sending Mail Server Inserts DKIM Header; Email Sent to Receiver.
RECEIVER: Standard Validation Tests (IP Blocklists, Reputation, Rate Limits, etc.); Validate and Apply Sender DMARC Policy (Retrieve Verified DKIM Domains; Retrieve "Envelope From" via SPF; Apply Appropriate DMARC Policy); Passed; Quarantine; Standard Processing (Anti-Spam Filters, etc.); Update the periodic Aggregate Report to be sent to Sender; Failure Report Sent to Sender.

SOURCE: DMARC Overview, www.dmarc.org, used under Creative Commons license, CC BY 3.0.
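The receiver-side decision in this flow, as an added example that is not part of the original paper or of any receiver's code: it checks whether a passing SPF or DKIM result is aligned with the From domain and returns the action the sender's policy requests. The names `AuthResults`, `aligned` and `evaluate_dmarc` are hypothetical, the policy is assumed to be published at the organizational domain, and the organizational domain is approximated as the last two labels.

```python
from dataclasses import dataclass, field


def org_domain(domain):
    # ASSUMPTION: organizational domain = last two labels of the name.
    # Production receivers derive it from the Public Suffix List instead.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode="r"):
    """Strict mode ('s') needs an exact match with the From domain;
    relaxed mode ('r') only needs the same organizational domain."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


@dataclass
class AuthResults:
    header_from: str      # domain shown in the From: header
    mail_from: str        # envelope sender (Return-Path) domain checked by SPF
    spf_result: str       # "pass", "fail", "none", ...
    dkim_pass_domains: list = field(default_factory=list)  # d= of verified signatures


def evaluate_dmarc(msg, policy):
    """Return (dmarc_result, requested_disposition) for one message.

    `policy` is the sender's published record as a dict of tags, for
    example {"p": "reject", "adkim": "r", "aspf": "r"}.
    """
    spf_ok = (msg.spf_result == "pass"
              and aligned(msg.mail_from, msg.header_from, policy.get("aspf", "r")))
    dkim_ok = any(aligned(d, msg.header_from, policy.get("adkim", "r"))
                  for d in msg.dkim_pass_domains)
    if spf_ok or dkim_ok:
        return ("pass", "none")
    # Neither mechanism produced an aligned pass: apply the sender's policy,
    # using sp= for subdomains when it is present.
    is_subdomain = msg.header_from.lower().rstrip(".") != org_domain(msg.header_from)
    requested = policy.get("sp", policy["p"]) if is_subdomain else policy["p"]
    return ("fail", requested)


# Constructed sample messages (not taken from real traffic).
REJECT_POLICY = {"p": "reject", "adkim": "r", "aspf": "r"}
LEGITIMATE = AuthResults("example.com", "bounce.example.com", "pass", ["example.com"])
# SPF and DKIM both pass, but for a domain unrelated to the From header.
UNALIGNED = AuthResults("example.com", "mailer.unrelated.test", "pass", ["unrelated.test"])

if __name__ == "__main__":
    print(evaluate_dmarc(LEGITIMATE, REJECT_POLICY))
    print(evaluate_dmarc(UNALIGNED, REJECT_POLICY))
```

The second sample shows why DKIM or SPF alone is not enough: both checks pass, yet neither authenticated domain matches the From domain, so the message fails DMARC.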
The Arrival of DMARC

Great Progress

Frustrated by the ongoing threats and limitations of the previous mechanisms, 15 organizations that included the world's largest email service providers, financial institutions, and message security companies banded together in 2012 to create DMARC, the Domain-based Message Authentication, Reporting and Conformance group. The coalition included Internet titans like Google, Microsoft and Yahoo!, as well as email intelligence pioneer Return Path and financial services providers including PayPal, Fidelity and the Bank of America. Their goal was to establish a universally accepted authentication standard that allowed for senders and receivers to share information about how messages are processed, to allow for continuous improvement.

PayPal had actually tested a similar system back in 2007, in partnership with Yahoo! and Gmail, which achieved a significant reduction in the number of threats masquerading as legitimate PayPal messages. By the time DMARC launched five years later, many of the largest-volume email senders were eager to adopt it, including Amazon, LinkedIn, Facebook, eBay, Groupon and Netflix.

First Year Out of the Gate

With its collaborative approach and compelling benefits for both email senders and receivers, it didn't take long for DMARC to catch on. In just its first year, DMARC has become the universal authentication standard for the world's leading email providers and message senders.* These are just a few of the impressive achievements so far:

- 1.9 billion mailboxes protected
- 80% of U.S. consumer mailboxes, and 60% worldwide
- Over 325 million messages blocked by December 2012
- Supported by Microsoft, Google, Yahoo!, AOL, Comcast, and international ISPs

* "In First Year, DMARC Protects 60 Percent of Global Consumer Mailboxes," February 6, 2013. http://dmarc.org/news/press_release_20130206.html
State of the Email Republic

The Long-Rumored Demise of Email

DMARC came about at an interesting time in the evolution of the Internet, right as mobile devices like smartphones and tablets have grown to eclipse desktop PCs as the primary access gateway for online life. With more messaging interactions happening in mobile-oriented message streams like SMS/MMS, IM chat and Push notifications, so began another round of chatter in 2012 that email is on its way to obsolescence. We keep hearing that, as businesses and consumers are migrating to these new channels, social media and mobile applications will soon replace email as the dominant method of messaging. And no doubt, the growth in in-app push notification messages in recent years has been astronomical. Yet the numbers for email are still orders of magnitude greater than app-based messaging, and growing steadily.

Technology research firm The Radicati Group published a report* on the status of the email market in October 2012, with a few key projections that show email is still on the rise.

Email traffic in 2012
- Over 2.1 billion email users worldwide
- 144 billion emails exchanged daily
- Global email revenues topped $8 billion

Projected email traffic in 2016
- Expected to reach 2.7 billion users
- More than 192 billion daily emails
- Revenue forecasts likely to surpass $12 billion

* Email Statistics Report, 2013-2017, The Radicati Group. Apr 22nd, 2013. http://www.radicati.com/?p=9659
Healthy Growth, Evolving Expectations

Email drives business and business drives email

The majority of email traffic originates as automated corporate messages such as alerts, notifications and email marketing communications. While we know that consumer messaging behaviors are indeed changing, businesses still depend heavily on email due to its relatively low cost and well-established infrastructure. That's why email security is so critical to the ongoing marketing and risk-mitigation efforts of retailers and other enterprises. In fact, according to the Radicati Group report, business use of email will continue growing at an average rate of 13% through 2016. And despite the reality that a small negative growth rate is expected for consumer emails over that same period, the mobile devices and apps touted as email killers still use email as a primary notification method and communication channel. Email, and email security, will continue to be central to global business for the foreseeable future.

Customer communication behaviors are changing

While email's central place in business and consumer messaging isn't in doubt, this does not mean the overall messaging environment is not in flux; it is. In fact, consumer expectations of how companies engage with them have changed dramatically due to the proliferation of wireless technology and mobile devices*. More and more consumers today want and expect personalized, relevant communications that reach them wherever they are, via the most expedient messaging channel. In many ways, they want the interaction to emulate the way they communicate with friends. But in order for brands to meet this expectation and take advantage of the opportunity, consumers must be willing to share their data and preferences, which makes the digital messaging linchpin of trust all the more vital. And that willingness is widespread. In a recent consumer survey, 69% of respondents said they were willing to give up personal data in exchange for more customized service.

* Message Systems Report: Marketing Channel and Engagement Benchmark Survey. Oct 2012. http://www.messagesystems.com/resources-guides-survey2011.php
Customer Experience in the Digital Age. David Kirkpatrick, Marketing Sherpa, April 30th, 2013. http://sherpablog.marketingsherpa.com/online-marketing/customer-experience-digital-age/
In the Crosshairs

Spearphishing

These factors together (a fast-evolving communications environment, consumers becoming more comfortable sharing data with businesses) create fertile ground for scams and cybercrime. And a company's messaging stream is often the first place cybercriminals strike. Not only is the email channel an inherently vulnerable access point, it also tends to be rich with personal data and, more importantly these days, provides easy access to more valuable targets. Once this perimeter has been breached, threats are frequently able to proceed unchecked even with robust network security in place.

Not coincidentally, cybercriminals are keeping up with consumer expectations for digital communication just as well as marketers. As the demand for highly targeted, personalized messaging increases, so do the schemes that exploit these same tactics. Today's biggest threats aren't the broad, indiscriminate attacks that flood ISPs with crudely spoofed email. Now, the real danger comes from the sophisticated spearphishing scams aimed at specific individuals and organizations, which subvert the email ecosystem from the inside. Delivered with hacktivist sensibilities, these attacks are also known as advanced persistent threats (APTs) because they move between service providers, enterprises, and consumers through a combination of identity theft, spoofing, and malware*.

"Criminals are going farther and farther up the ladder in compromising the trust supply chain. They're attacking one company, service provider, ad network or certificate authority just as a way to attack another entity farther down the ladder of trust and ultimately exploit thousands or millions of unsuspecting users."
Craig Spiezle, Executive Director, Online Trust Alliance

* White Paper: Safeguarding Messaging Streams for Enterprises and Email Service Providers: Technology Principles for Architecting a Secure Messaging Environment. http://www.messagesystems.com/resources-white-papers-safeguarding-message-streams.php
Persistent Response

What makes APTs particularly sinister is that the goals are often far more ambitious than the simple theft of data assets; they tend to focus on hijacking the identity and reputation of a company, or completely taking over its systems. That way, malicious emails can be disseminated directly from the compromised senders, using their own trusted brand names, authenticated domains, and IPs to masquerade as legitimate communications and improve the odds of avoiding detection. And yet, while APTs are far more sophisticated and insidious than the earlier generation of attacks, they still use messaging streams as the entry point.

The integration of messaging streams with data sources and operating systems means that today's multi-faceted attacks need only compromise one access point to infiltrate the others. As a result, risk can no longer be defined by functional areas alone. Spearphishing and other APTs are too intelligent and highly targeted, not mere brute force assaults that can be thwarted by strengthening the network perimeter. Therefore, the security response must become as persistent as the threats, and all players in the ecosystem need to work together, exchanging information and protecting one another. Because if one pillar falls prey to an APT, then all are at much greater risk. That's where DMARC comes in.
A New Standard

DMARC extends authentication and enhances control

It was in this fast-changing information security environment that the founders of DMARC began planning a new standard for email authentication. And there's a lot more to DMARC than just authentication. In fact, DMARC doesn't even provide a new form of authentication; it allows senders to choose between existing forms of SPF and DKIM authentication, either one or both.

The key technical benefits it offers are enhanced control and visibility with regard to message processing. In addition to indicating which of the two authentication protocols is protecting their messages, senders also get to tell receivers how to handle messages if neither method can be validated. They can request that rejected emails be bounced or marked as junk whereas, in the past, ISPs had to make this call on their own. Senders were not given any input or visibility into the way messages were being processed, thus making it extremely difficult for them to optimize security mechanisms or deliverability rates.

Mutually Beneficial Feedback Loop

With DMARC, senders share their handling preferences and receivers respond with daily results reporting so all parties know which messages passed and failed authentication. This mutually beneficial feedback loop takes most of the guesswork out of message processing and threat assessment, reducing risk and increasing trust on all sides including, most importantly, the consumers at the end of the messaging stream.

The widespread adoption of DMARC as a universal standard by receivers is primarily what has made these benefits possible. As more and more members of the community of email senders follow suit in the months and years ahead, so will the promise of an abuse-free messaging ecosystem progress.
DMARC Highlights

- Uses existing path-based SPF or signature-based DKIM authentication
- Senders choosing DKIM must use the robust 1024-bit encryption standard
- Senders share message handling preferences with receivers
- Receivers provide visibility into message processing via daily reports
Deliverability and Business Benefits

Authentication has been an important factor in deliverability for several years, but now it's an absolute requirement for ensuring reliable inbox delivery. All the major inbox providers have expanded their authentication policies in recent years due to the rise in phishing and APTs. The good news is that DMARC makes it easier than ever to stay in compliance with these more stringent requirements because nearly all major receivers are now on board with the same methodology.

Deciding which messages to authenticate, and how to do so, used to be a much more complicated process, especially for multi-tenant environments that require greater flexibility in authentication policies. But the visibility and control achieved through DMARC go a long way toward alleviating this burden for email service providers and enterprises with numerous internal clients. The long-term gains for a brand's bottom line are substantial, and the ease of implementation ensures a quick return on investment.

The Standard

The most current standard for DMARC that is under consideration by the Internet Engineering Task Force was drafted under the editorship of Facebook engineer Murray Kucherawy. This document sets the following high-level requirements for DMARC:

- Minimize false positives.
- Provide robust authentication reporting.
- Allow senders to assert policy for consumption by receivers.
- Reduce the amount of successfully delivered phish.
- Work at Internet scale.
- Minimize complexity.

Business benefits of DMARC

- Higher deliverability rates
- Enhanced user trust in email legitimacy
- Stronger brand reputation and loyalty
The Road Ahead

DMARC is still in its relative infancy, having celebrated its first anniversary early in 2013. The visibility and control it provides over messaging streams will continue to develop even further as the standard matures. New products and services that leverage DMARC reporting capabilities are already on the horizon and, as motivated members of the ecosystem push for options specific to their unique needs, authentication policies will soon evolve beyond the basic set available today. We're also likely to see additional visibility into the authenticity of messages for end users, something akin to existing infrastructures around Extended Validation Certificates and SSL certificates. The key takeaway for senders is to put the foundation in place for your business now, and then you'll be ready for enhanced authentication capabilities as soon as new innovations are introduced.
Implementation

Four Essential Steps

For senders, implementing DMARC will be an ongoing process. As more receivers adopt the standard, the reports flowing back to senders will become more detailed with richer data. These steadily improving data streams will thereby enable senders to modify and optimize their sending streams over time. That's the long-term view. To initiate a DMARC program, senders must first take these four basic steps:

1. Implement DKIM
2. Implement SPF
3. Create and publish a DMARC policy or resource record
4. Implement reporting and analysis

Publishing DKIM Records

DKIM requires that you generate private and public encryption keys (1024-bit random numbers), and that you publish the public key selector record to your DNS. Several free DKIM key generators are available online. If your domain were whitehouse.gov and your selector was s768, the public record will look similar to the following:

Name:  s768._domainkey.whitehouse.gov
Value: t=y;o=~; k=rsa; p=migfma0gcsqgsib3dqe <snip> 3pmCktutYJNilQIDAQAB
Implement DKIM

Sending Servers

Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DKIM-enabled outbound email servers. This is step in the diagram.

Signing: When each email is sent by an authorized end user within the domain, the DKIM-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is included in a DKIM-Signature header and prepended to the email. The email is then sent on to the recipient's mail server. This is step in the diagram.

[Diagram: Sending Mail Server, DNS, Receiving Mail Server, Mailbox]

Receiving Servers

1. Preparation: The DKIM-enabled receiving email system extracts and parses the message's DKIM-Signature header. The signing domain asserted by the header is used to fetch the signer's public key from DNS. This is step in the diagram.

2. Verification: The signer's public key is then used by the receiving mail system to verify that the signature contained in the DKIM-Signature header was generated by the sending domain's private key. This proves that the email was truly sent by, and with the permission of, the claimed sending domain. It also provides that all the headers signed by the sending domain and the message body were not altered during transit.

3. Delivery: The receiving email system uses the outcome of signature verification along with other local policies and tests to determine the disposition of the message. If local policy does not prohibit delivery, the message is passed to the user's inbox. Optionally, the email recipient may be informed of the results of the signature verification. This is step in the diagram.
Implement SPF

SPF consists of two basic components:

- Sender side: senders publish DNS records that describe their policies.
- Receiver side: receivers use a parsing engine that looks up the published policies for inbound mail and takes actions based on it.

The parts of an SPF record

v=spf1 mx a:pluto.example.net include:aspmx.googlemail.com -all

v=spf1                        SPF version 1
mx                            The incoming mail servers (MXes) of the domain are authorized to also send mail for example.net
a:pluto.example.net           The machine pluto.example.net is authorized, too
include:aspmx.googlemail.com  Everything considered legitimate by gmail.com is legitimate for example.net, too
-all                          All other machines are not authorized

SOURCE: OpenSPF.org
Publish a DMARC Policy

DMARC policies are published in a sender's Domain Name Server (DNS) as text (TXT) resource records (RR) and announce what an email receiver should do with non-aligned mail it receives. Consider an example DMARC TXT RR for the domain sender.dmarcdomain.com that reads:

v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com

In this example, the sender requests that the receiver reject all non-aligned messages outright and send a report, in a specified aggregate format, about the rejections to a specified address. If the sender was testing its configuration, it could replace "reject" with "quarantine", which would tell the receiver they shouldn't necessarily reject the message, but consider quarantining it.

DMARC records follow the extensible "tag-value" syntax for DNS-based key records defined in DKIM. The chart below illustrates some of the available tags.

Tag Name  Purpose                                        Sample
v         Protocol version                               v=DMARC1
pct       Percentage of messages subjected to filtering  pct=20
ruf       Reporting URI for forensic reports             ruf=mailto:authfail@example.com
rua       Reporting URI of aggregate reports             rua=mailto:aggrep@example.com
p         Policy for organizational domain               p=quarantine
sp        Policy for subdomain of the OD                 sp=reject
adkim     Alignment mode for DKIM                        adkim=s
aspf      Alignment mode for SPF                         aspf=r

NOTE: The examples in this chart are illustrative only and should not be relied upon in lieu of the specification. Please refer to the specification page for the most up-to-date and accurate version.

SOURCE: DMARC Overview, www.dmarc.org, used under Creative Commons license, CC BY 3.0.
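A pre-publication check for a record like the one above, as an added example that is not part of the original paper: it parses the tag-value syntax, validates the tags listed in the chart, and reports problems instead of silently accepting a record that receivers would ignore. The function names and the malformed sample record are constructed for illustration.

```python
import re

POLICIES = {"none", "quarantine", "reject"}
ALIGNMENT_MODES = {"r", "s"}
# mailto: URI with an optional size limit suffix such as "!10m".
MAILTO = re.compile(r"^mailto:[^@\s,!]+@[^@\s,!]+(![0-9]+[kmgt]?)?$", re.I)


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record into (tags, problems)."""
    tags, order, problems = {}, [], []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name:
            problems.append(f"malformed tag {part!r}")
        elif name in tags:
            problems.append(f"duplicate tag {name!r}")
        else:
            tags[name] = value
            order.append(name)

    # The version tag must come first and match exactly, or receivers
    # do not treat the TXT record as a DMARC record at all.
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        problems.append("record must start with v=DMARC1 (exact case)")
    if "p" not in tags:
        problems.append("missing required p= tag")
    for key in ("p", "sp"):
        if key in tags and tags[key].lower() not in POLICIES:
            problems.append(f"{key}={tags[key]!r} is not none/quarantine/reject")
    for key in ("adkim", "aspf"):
        if tags.get(key, "r").lower() not in ALIGNMENT_MODES:
            problems.append(f"{key}={tags[key]!r} is not r or s")
    pct = tags.get("pct", "100")
    if not re.fullmatch(r"[0-9]{1,3}", pct) or int(pct) > 100:
        problems.append(f"pct={pct!r} is not an integer from 0 to 100")
    for key in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(key, "").split(","))):
            if not MAILTO.match(uri):
                problems.append(f"{key}: malformed or unsupported URI {uri!r}")
    return tags, problems


def effective_policy(tags):
    """Fill in defaults to show what receivers are actually asked to do."""
    p = tags.get("p", "none").lower()
    return {
        "policy": p,
        "subdomain_policy": tags.get("sp", p).lower(),
        "pct": int(tags.get("pct", "100")),
        "adkim": tags.get("adkim", "r").lower(),
        "aspf": tags.get("aspf", "r").lower(),
        "aggregate_reports": bool(tags.get("rua")),
    }


# The record from the text above, and a constructed record with four mistakes.
PAGE_RECORD = "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com"
BROKEN_RECORD = "v=dmarc1; p=rejct; pct=120; rua=mailto: postmaster@dmarcdomain.com"

if __name__ == "__main__":
    for record in (PAGE_RECORD, BROKEN_RECORD):
        tags, problems = parse_dmarc_record(record)
        print(record, "->", problems or effective_policy(tags))
```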
Reporting & Analysis: Overview

Early adopters of DMARC quickly realized that putting in place processes and tools for handling incoming reports from senders is a key element for a successful DMARC implementation. First of all, the volume of data streaming in from senders can be quite large. Secondly, these reports will contain data that may require immediate action. For example, let's say you own a domain, theemailgiant.com, and you implement DKIM and SPF and publish a DMARC record requesting reports. Within 24 hours or so, you begin receiving data reports from the ISPs and inbox providers that have adopted DMARC. These reports will contain very detailed information on the following:

You will get statistics on all messages that claim to come from your domain from all DMARC receivers. So, you will suddenly be able to see how many fraudulent messages are using your domain, where they're coming from, and whether or not they would be stopped by a DMARC "quarantine" or "reject" policy.

The report from each receiver is an XML file that includes the following fields:

- Every IP address using your domain to send email
- A count of messages from each of those IP addresses
- What was done with these messages per the DMARC policy shown
- SPF results for these messages
- DKIM results for these messages

SOURCE: DMARC Overview, www.dmarc.org, used under Creative Commons license, CC BY 3.0.
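A small aggregate-report reader covering the fields listed above, as an added example that is not part of the original paper: it totals messages per source IP and ranks the sources whose mail passed neither SPF nor DKIM, which is the traffic a "quarantine" or "reject" policy would act on. The sample report, its IP addresses (documentation ranges) and the function names are constructed; element names follow the aggregate report layout in the DMARC specification.

```python
import xml.etree.ElementTree as ET

# Constructed sample report for the domain used in the text.
SAMPLE_REPORT = """
<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>theemailgiant.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>1200</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>theemailgiant.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>theemailgiant.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>400</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>theemailgiant.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>10</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>theemailgiant.com</header_from></identifiers>
  </record>
</feedback>
"""


def summarize_report(xml_text):
    """Return {source_ip: {"messages", "dmarc_fail", "dispositions"}}."""
    # Reports arrive from outside parties. A genuine report needs no DTD,
    # so refuse entity declarations before handing the text to the parser.
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ValueError("unexpected DTD or entity declaration in report")
    root = ET.fromstring(xml_text.strip())
    by_ip = {}
    for record in root.iter("record"):
        row = record.find("row")
        if row is None:
            continue
        ip = row.findtext("source_ip", default="unknown").strip()
        count = int(row.findtext("count", default="0"))
        dkim = row.findtext("policy_evaluated/dkim", default="fail").strip()
        spf = row.findtext("policy_evaluated/spf", default="fail").strip()
        disp = row.findtext("policy_evaluated/disposition", default="none").strip()
        entry = by_ip.setdefault(ip, {"messages": 0, "dmarc_fail": 0, "dispositions": {}})
        entry["messages"] += count
        entry["dispositions"][disp] = entry["dispositions"].get(disp, 0) + count
        # DMARC fails only when neither mechanism produced an aligned pass.
        if dkim != "pass" and spf != "pass":
            entry["dmarc_fail"] += count
    return by_ip


def unauthenticated_sources(by_ip):
    """Sources with failing mail, largest volume first."""
    failing = [(ip, e["dmarc_fail"]) for ip, e in by_ip.items() if e["dmarc_fail"]]
    return sorted(failing, key=lambda item: -item[1])


if __name__ == "__main__":
    summary = summarize_report(SAMPLE_REPORT)
    for ip, volume in unauthenticated_sources(summary):
        print(f"{ip}: {volume} messages failed both SPF and DKIM")
```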
Reporting & Analysis: Tools

With the level of detail contained in DMARC reports, high-volume senders won't be able to simply skim through the data to identify problems or fraudulent activity. Getting clear visibility into DMARC reports will require the ability to quickly parse and act on large amounts of raw data. Companies like Return Path, which is one of the founding firms that shaped the DMARC ecosystem, provide exactly these kinds of tools and capabilities. Any DMARC email security solution you choose should feature the following:

- Big data storage capacity for mailbox provider reports, with real-time processing functionality.
- Support not just for aggregate-level data but also for actual message and forensic-level data.
- Data visualization and normalization tools to display results in real time, making it fast and easy for customers to understand complex mailbox provider data streams.
- Alerting capabilities to flag critical issues and enable you to take real-time corrective action to ensure the health of your mail environment.

Additionally, the most valuable DMARC reporting solutions providers will be those that have industry-wide partnerships with inbox providers. These kinds of partnerships provide access to phishing data intelligence from across the email receiving community, and help to identify phishing attacks as they arise.
Message Systems Stands Behind DMARC

By now it should be clear that adopting the DMARC authentication standard is essential to the success of every company's digital messaging. One of the easiest ways to implement DMARC for your brand is through the Message Systems Momentum platform. Message Systems has been DMARC-compliant since the beginning and, as a leader in digital messaging, the company has a long history of aggressively supporting authentication standards before that. SPF and DomainKeys have been supported on Message Systems platforms since 2004; SenderID and DKIM protocols since 2005. As DMARC evolves, and other technologies are developed, Message Systems will continue to be at the forefront of messaging security.

There are a variety of ways to protect your messaging streams, but only Message Systems technology includes authentication and security as part of a comprehensive, future-proof messaging solution. To learn more about best practices and solutions for your email operations, call 877-887-3031 or visit us at messagesystems.com

© 2013 Message Systems, Inc., all rights reserved.
9130 Guilford Road, Suite 100, Columbia, Maryland 21046. Tel +1 410-872-4910.