In the course of supporting our wide range of Google Workspace customers, we have witnessed an increase in reports of email security threats. To stay safe, it’s important to understand the risks and take smart steps like using DMARC and being vigilant.

New Gmail Security Rules

Google has implemented new email authentication requirements for bulk email senders starting 1st April 2024 to reduce spam and enhance security. Authenticating email using best practices like SPF, DKIM, and DMARC is required. This aims to close vulnerabilities exploited by attackers, benefiting all email users.

As defined by Google, a bulk sender is an individual who sends “approximately 5,000 or more messages to personal Gmail accounts within 24 hours.” All senders, including those using Google Workspace accounts to send emails, must comply with the new regulations.

Even if you are not a bulk sender, we recommend securing your email with DMARC.

Refractiv can help you set up Email Authentication and DMARC for your domain. Find out more…

How to Set Up Email Authentication?

Businesses can utilise best practices and methods to protect themselves from attacks such as spear phishing by adopting Email Authentication. The process requires careful planning and execution, as mistakes or omissions can disrupt email flow. We can help! Get in touch with the Refractiv team, who can help you set up Email Authentication and DMARC for your domain, comprising:

  • DMARC – Domain-based Message Authentication, Reporting & Conformance (dmarc.org) builds on the widely deployed SPF and DKIM protocols, adding a reporting function that allows senders and receivers to improve and monitor protection of the domain from fraudulent email.
  • SPF – Sender Policy Framework (www.openspf.org) is an open standard specifying a technical method to prevent sender address forgery.
  • DKIM – DomainKeys Identified Mail (dkim.org) provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.

Adopting the Email Authentication methods requires changes to the DNS (Domain Name System) records of the domain(s) to be protected.
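The DNS changes above are three TXT records, and a mistake in any of them is what causes the disrupted email flow mentioned earlier. As an added example (not part of the Refractiv article and not a live DNS lookup), the Python below parses constructed SPF, DKIM and DMARC records for a hypothetical example.com and flags the settings a reviewer would question before go-live: too many SPF lookups or a permissive `all`, a revoked or short DKIM key, and a DMARC record that only monitors or has no reporting address. The domain names, reporting address and key bytes are assumptions.

```python
"""Sanity-check the SPF, DKIM and DMARC TXT records that email authentication relies on.

The three records are constructed samples for a hypothetical "example.com";
nothing here queries live DNS.
"""
import base64
import re

SAMPLE_SPF = "v=spf1 include:_spf.google.com include:mail.example.net ~all"
# 294 zero bytes stand in for a DER-encoded 2048-bit RSA public key, which is exactly that size.
SAMPLE_DKIM = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"\x00" * 294).decode()
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com; pct=100"

# SPF terms that each consume one of the ten permitted DNS lookups (RFC 7208, section 4.6.4).
SPF_LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
DMARC_POLICIES = ("none", "quarantine", "reject")


def check_spf(record):
    """Return the lookup count, the qualifier on 'all' and a list of problems."""
    findings, terms = [], record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return {"ok": False, "findings": ["record must start with v=spf1"], "lookups": 0, "all": None}
    lookups, all_qualifier = 0, None
    for term in terms[1:]:
        # Strip the qualifier (+ - ~ ?) and any ':domain' or '=value' suffix to get the mechanism name.
        name = re.sub(r"^[+\-~?]", "", term).split(":", 1)[0].split("=", 1)[0].lower()
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        elif name == "all":
            all_qualifier = term[0] if term[0] in "+-~?" else "+"
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms; receivers stop evaluating after 10")
    if all_qualifier is None:
        findings.append("no 'all' mechanism, so unlisted senders get a neutral result")
    elif all_qualifier in "+?":
        findings.append(f"'{all_qualifier}all' does not reject unlisted senders")
    return {"ok": not findings, "findings": findings, "lookups": lookups, "all": all_qualifier}


def parse_tags(record):
    """Split 'tag=value; tag=value' text into a dict; DKIM and DMARC share this syntax."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dkim(record):
    """Check a DKIM public-key record and estimate key size from the decoded p= value."""
    tags, findings, key_bytes = parse_tags(record), [], 0
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional but must read DKIM1 when present
        findings.append("unexpected version tag")
    key_type = tags.get("k", "rsa").lower()
    if key_type not in ("rsa", "ed25519"):
        findings.append(f"unknown key type '{key_type}'")
    if "p" not in tags:
        findings.append("missing p= tag")
    elif tags["p"] == "":
        findings.append("empty p= means the key has been revoked")
    else:
        try:
            key_bytes = len(base64.b64decode(tags["p"], validate=True))
        except ValueError:
            findings.append("p= is not valid base64")
        # Heuristic: a 1024-bit RSA SubjectPublicKeyInfo is 162 bytes DER, a 2048-bit one is 294.
        if key_type == "rsa" and 0 < key_bytes < 200:
            findings.append("RSA key appears shorter than 2048 bits")
    return {"ok": not findings, "findings": findings, "key_type": key_type, "key_bytes": key_bytes}


def check_dmarc(record):
    """Check a DMARC record's policy, reporting address and percentage."""
    tags, findings = parse_tags(record), []
    if record.split(";")[0].strip().lower() != "v=dmarc1":
        findings.append("record must begin with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in DMARC_POLICIES:
        findings.append("p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none only monitors; mail failing authentication is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports will arrive")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        findings.append("pct= must be a whole number from 0 to 100")
    elif int(pct) < 100 and policy in ("quarantine", "reject"):
        findings.append(f"pct={pct}: the policy is applied to only part of the failing mail")
    return {"ok": not findings, "findings": findings, "policy": policy,
            "subdomain_policy": tags.get("sp", policy), "pct": pct}


def check_all(spf=SAMPLE_SPF, dkim=SAMPLE_DKIM, dmarc=SAMPLE_DMARC):
    """Run the three checks and return the results keyed by record type."""
    return {"spf": check_spf(spf), "dkim": check_dkim(dkim), "dmarc": check_dmarc(dmarc)}


if __name__ == "__main__":
    for name, result in check_all().items():
        print(f"{name.upper():5} {'OK' if result['ok'] else 'REVIEW'}: "
              f"{'; '.join(result['findings']) or 'no findings'}")
```

Run against the samples, the SPF and DKIM records pass and the DMARC record is flagged for p=none, which is the correct state during the initial monitoring phase but not where a rollout should end. Replace the constants with your own records (or feed the output of a TXT lookup into the check functions) to review a real domain.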

Get advice or help setting up Email Authentication for your domain from the Refractiv team.


According to Cloudflare, email phishing is responsible for 90% of successful cyber attacks.

What is Phishing?

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

Phishing attacks have evolved to bypass traditional security measures. Here’s a look at some key trends:

  • Spear Phishing: This is a development of phishing that targets specific individuals, attempting to deceive the recipient into believing the email was sent by a known or trusted sender.
  • Email Account Takeovers: Compromising legitimate email accounts allows attackers to launch phishing schemes from within an organization or impersonate known individuals, significantly increasing the success rate of the scams.
  • Deep Fakes: The rise of deepfake technology enables attackers to manipulate audio and video, producing highly convincing impersonations of authority figures. These deepfakes are finding their way into phishing emails and video messages, further eroding trust.
  • Quishing: QR codes are becoming increasingly ubiquitous, but attackers have learned to exploit them in ‘quishing’ scams. Emails may display a QR code, luring victims to malicious websites to steal sensitive information.

What is Spear Phishing?

Spear phishing combines a couple of attack techniques:

Social Engineering: By researching a company (departments, key staff & executives) an attacker can target specific individuals and roles such as the finance department.

Email Spoofing: By forging the headers of emails the attacker attempts to fool the recipient into believing that the email was actually sent by a known and trusted source (e.g. the Finance Director or MD).


How to Protect Against Spear Phishing?

People in positions of authority within organisations need to be vigilant and aware of threats and attacks. Email is just one vector for such attacks alongside other communications channels including postal letters, faxes and phone calls.

Internal communications: Ensuring staff, especially those most exposed to the risk (e.g. executives and management, finance staff) are made aware of the threat and risks.

Training: Specialist training organisations offer courses to help educate staff about the threats and risks faced. Internal company policies and workflows should also protect the company from losses due to an individual member of staff being compromised (e.g. dual sign-off).

Technical: 2-Step Verification adds an extra layer of security to your users’ Google Workspace accounts by requiring them to enter a verification code in addition to their username and password when signing in to their account.

DMARC: Strengthening Your Domain’s Defences

DMARC (Domain-based Message Authentication, Reporting & Conformance) protocol acts as a powerful safeguard for your email domain. Here’s how it helps:

  • Authentication: DMARC integrates with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) protocols. This ensures emails sent from your domain are properly signed and originate from authorised senders, making spoofing significantly harder for attackers.
  • Monitoring and Reporting: DMARC provides comprehensive reports about emails sent using your domain—both legitimate and fraudulent. These reports offer critical insights into potential abuse and allow for swift corrective action.
  • Enforcement Policies: The key strength of DMARC lies in its enforcement capabilities. You can define a policy of ‘none’ (monitor only), ‘quarantine’ or ‘reject’ to instruct receiving email servers on how to handle emails that fail authentication checks. A robust ‘reject’ policy is highly effective in blocking fraudulent emails from ever reaching inboxes.

A chart showing how DMARC works

Steps Required to Set Up DMARC Email Protocol

  1. Identify all sources of email within the organisation.
  2. Understand how the email source sends email (which SMTP service used).
  3. Create an SPF DNS record including all sources.
  4. Create a DKIM DNS record for each sending source and enable DKIM service.
  5. Check and verify SPF & DKIM records and function.
  6. Plan the DMARC rollout and policies (report, quarantine, reject).
  7. Create a DMARC DNS record.
  8. Monitor the DMARC reports (ongoing).
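Step 8 is where the ongoing work sits: the aggregate (rua) reports are how you discover senders that were missed in steps 1 and 2 before tightening the policy in step 6. As an added example, not from the article, the Python below reads one such report in the RFC 7489 aggregate XML format and groups results by sending IP. The report is constructed (reporter name, documentation-range IPs and message counts are invented; example.com is an assumed domain). The second record shows the pattern to look for: SPF passes for the mailer's own bounce domain, but that domain is not aligned with the visible From: address, so DMARC fails. That is usually a legitimate third-party service that still needs to sign with DKIM for your domain (or use an aligned return-path) before you move to quarantine or reject.

```python
"""Summarise a DMARC aggregate (rua) report by sending source.

SAMPLE_REPORT is a constructed report in the RFC 7489 aggregate format for a
hypothetical "example.com"; reporter, IPs and counts are invented.
"""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example.org</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1711929600</begin><end>1712015999</end></date_range>
  </report_metadata>
  <policy_published><domain>example.com</domain><p>none</p><sp>none</sp><pct>100</pct></policy_published>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><spf><domain>bounce.mailer.example.net</domain><result>pass</result></spf></auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.25</source_ip><count>8</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results><spf><domain>example.com</domain><result>fail</result></spf></auth_results>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text):
    """Return totals plus one entry per source IP with its aligned and raw results."""
    root = ET.fromstring(xml_text)
    meta, published = root.find("report_metadata"), root.find("policy_published")
    summary = {
        "reporter": meta.findtext("org_name"),
        "domain": published.findtext("domain"),
        "published_policy": published.findtext("p"),
        "total": 0, "passed": 0, "failed": 0, "sources": [],
    }
    for rec in root.findall("record"):
        row, evaluated = rec.find("row"), rec.find("row/policy_evaluated")
        count = int(row.findtext("count"))
        # policy_evaluated holds the aligned (DMARC-level) results; either one passing is a DMARC pass.
        dkim_aligned = evaluated.findtext("dkim") == "pass"
        spf_aligned = evaluated.findtext("spf") == "pass"
        dmarc_pass = dkim_aligned or spf_aligned
        # auth_results holds the raw SPF result for whatever envelope domain the sender used.
        raw_spf = rec.find("auth_results/spf")
        raw_spf_pass = raw_spf is not None and raw_spf.findtext("result") == "pass"
        summary["sources"].append({
            "ip": row.findtext("source_ip"),
            "count": count,
            "dmarc_pass": dmarc_pass,
            "disposition": evaluated.findtext("disposition"),
            "spf_domain": raw_spf.findtext("domain") if raw_spf is not None else None,
            # SPF passed, but for a domain that does not align with header From: -> unaligned sender.
            "spf_unaligned": raw_spf_pass and not spf_aligned,
        })
        summary["total"] += count
        summary["passed" if dmarc_pass else "failed"] += count
    return summary


def failing_sources(summary):
    """Sources that would be affected once the policy moves beyond p=none."""
    return [s for s in summary["sources"] if not s["dmarc_pass"]]


if __name__ == "__main__":
    report = parse_aggregate_report(SAMPLE_REPORT)
    print(f"{report['reporter']} reported {report['total']} messages for {report['domain']} "
          f"(published policy p={report['published_policy']}): {report['passed']} pass, {report['failed']} fail")
    for src in failing_sources(report):
        note = f"SPF passed for unaligned domain {src['spf_domain']}" if src["spf_unaligned"] else "no authentication"
        print(f"  {src['ip']:15} {src['count']:4} failing  {note}")
```

Real reports arrive as gzip or zip attachments to the rua= mailbox, one per reporting receiver per day; decompress them and pass the XML text to parse_aggregate_report. Sources in the "SPF passed for unaligned domain" category are the ones to fix, while sources with no authentication at all and no business explanation are the spoofing the eventual reject policy will stop.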

Need help or advice?

We realise that this is a complex technical subject and that many of our clients will require help to understand this and to adopt Email Authentication methods.

We provide a range of support and consultancy services in this area. To learn more, visit our dedicated DMARC Email Security page or get in touch with us.