Starting this month, a significant shift is on the horizon for companies reliant on mass emailing via Google or Yahoo. Businesses must adopt Domain-based Message Authentication, Reporting and Conformance (DMARC) for any volume exceeding 5,000 emails.
This move, spearheaded by Google and Yahoo, is prodding all companies that use branded email to clean up their email security through DMARC, as well as its prerequisites, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). This trio not only fortifies against impersonation but also establishes a feedback loop, enabling domain owners to monitor and mitigate email spoofing.
Neil Kumaran of Google emphasizes the dual benefit of adopting DMARC: bolstered security and valuable insights into email systems, fostering a more secure email environment. Despite the surge in DMARC adoption spurred by the remote work shift during the pandemic, the enforcement of stringent policies remains low, with a notable gap in nonprofit domains.
Google and Yahoo’s stipulations aim to set a new standard in email authentication, requiring adherence to SPF and DKIM protocols, avoiding spam, and providing straightforward unsubscribe links in marketing emails. While this initiative towards more secure email is a welcome one, some folks in the cybersecurity sector (including us) are calling for more rigorous measures to combat the rampant misuse within the email ecosystem.
As these requirements unfold, they promise to make a not-insignificant dent in the plague of unauthenticated emails. However, there are still some challenges to watch out for: malicious actors might still circumvent these barriers, underscoring the need for a multifaceted approach to email security that extends beyond sender authentication.
The true efficacy of these measures hinges on their implementation and the broader adoption of comprehensive security practices such as Managed Detection & Response and Conditional Access Policies to protect against unauthenticated access to your business’s email server.
If you need help securing your business’s email systems, don’t wait until the hammer drops. Get in touch with us today.