Phishing Protections

Phishing Protections

By: Will Young, Director of Technical Testing, MAD Security | January 10, 2019   Protecting users from phishing attacks requires utilizing a defense in depth strategy. Users are the last line of defense against phishing attacks and are also unfortunately, the weakest.  Ideally, your other protections ensure that phishing emails never make it to your users to begin with. In order to understand how to protect against phishing emails, let’s walk through a few examples of an attacker sending out a malicious email to one of your users and discussing the different steps in the delivery process where we could prevent this from happening.   Impersonation Protections   SPF, DKIM, and DMARC records all help weed out phishing emails that attempt to impersonate another organization. When configured by an organization, these records essentially dictate who is allowed to send emails on behalf of that organization.  Anyone sending an email attempting to impersonate an organization with these records will likely have their email rejected by most modern mail servers.   SPF Records   At a basic level, SPF (Sender Policy Framework) records establish a method for receiving mail servers to verify that incoming email from a domain was sent from a host authorized by that domain’s administrators. SPF records are TXT records that are configured on an authoritative DNS server for the sending domain.   Let’s suppose that your company’s domain name is “globalcorp.com” and let us also suppose that an attacker attempts to send an email from “[email protected]” to one of your employees using an SMTP server that is owned by the attacker. When your company’s mail server receives...