DMARC in 2020

DMARC is a relatively new framework, first published in early 2012, whose primary purpose is to protect you from being impersonated over email. It brings a different paradigm to 'email security': contrary to what most people assume, it secures your outbound email, by authorizing your legitimate sending sources, rather than your inbound email. This shift may lead many corporations to recognize the importance of implementing the DMARC framework.

In early 2020, the COVID-19 pandemic dominated the headlines, and while people were caught up in the chaos, hackers took advantage of the situation. Fake email scams impersonating large industries began to surge; 61% of airlines have no published DMARC record, making them victims of these attacks. These fraudulent emails usually aim to make a profit by stealing clients' banking information.

 

 

These emails seemed genuine because they were sent from the organization's exact domain. One example is the WHO (World Health Organization), whose domain "@who.int" was spoofed: hackers sent emails impersonating the organization, asking for donations and money transactions. The same scenario was repeated with various schools and organizations, all either shut down or working remotely.

The hardest hit was borne by banks and airlines, which were held liable for not securing their domains and, as a result, suffered reputational damage along with monetary losses.

The year 2020 has shown us the importance of implementing DMARC properly on our domains, moving from the 'none' policy all the way to the 'reject' policy. This protects not only our companies and organizations but also the people who interact with them.