New Study Reveals Massive Email Security Risks Due to Misconfigured Security Records Across 1 Million Domains

Privacy and RegulationsEmail Marketing
By PRNewswire
Zoom bolsters security offering with the inclusion of post-quantum end-to-end encryption in Zoom Workplace

Stratus Security announced the findings of a ground-breaking study examining the security measures of over 1 million internet domains. The research, which analyzed the implementation of critical email security measures, identified a concerning trend: a significant percentage of domains are vulnerable to phishing attacks due to misconfigured security records.

Stratus Security’s research focused on the configuration of Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting & Conformance (DMARC) records – crucial defenses in protecting a domain and its users from phishing attacks. Correct configuration of these measures prevents unauthorized parties from sending emails using a domain’s identity.

However, the study uncovered widespread misconfigurations leaving domains open to exploitation. Alarmingly, this included highly sensitive government and education domains, commercial entities, and even some surprising outliers like North Korea’s sole domain in the study, the Ministry of Foreign Affairs (mfa.gov.kp).

Marketing Technology News: MarTech Interview with Nancy Coleman, SVP of Corporate Communications at DigitalOcean

Stratus Security’s researchers found that misconfigurations could potentially allow malicious actors to send emails appearing to come directly from these domains. The most alarming cases were domains tagged with ‘+all’ in their SPF records, essentially inviting anyone to send emails as that domain, with no indications of phishing. One such domain was the Greek public employment service (dypa.gov.gr) – making it possible for virtually anyone to send an email posing as an official communication from this institution.

Stratus Security CTO, Colin Watson, explains: “Phishing attacks rely on trust. When an email appears to come from a reputable source, users and businesses are much more likely to engage with its content. That’s why these misconfigurations present such a risk. It’s essentially rolling out a red carpet for threat actors to exploit.”

Stratus Security urges organizations to review and correct their SPF and DMARC records, perform regular audits, foster cybersecurity awareness among their teams, and seek expert assistance if needed. They stand committed to supporting businesses in this endeavor, with the belief in building a safer digital landscape—one domain at a time.

Marketing Technology News: How Online Businesses Can Stand Out By Understanding Their Customers Using Digital Experience Insights

PRNewswire

PR Newswire, a Cision company, is the premier global provider of multimedia platforms and distribution that marketers, corporate communicators, sustainability officers, public affairs and investor relations officers leverage to engage key audiences. Having pioneered the commercial news distribution industry over 60 years ago, PR Newswire today provides end-to- end solutions to produce, optimize and target content -- and then distribute and measure results. Combining the world's largest multi-channel, multi-cultural content distribution and optimization network with comprehensive workflow tools and platforms, PR Newswire powers the stories of organizations around the world. PR Newswire serves tens of thousands of clients from offices in the Americas, Europe, Middle East, Africa and Asia-Pacific regions.

You might also like More from author
Brought to you by
For Sales, write to: contact@martechseries.com
Copyright © 2024 MarTech Series. All Rights Reserved.Privacy Policy
To repurpose or use any of the content or material on this and our sister sites, explicit written permission needs to be sought.