TechBytes with Alexander García-Tobar, CEO and Co-Founder, Valimail

How have anti-phishing technologies evolved in the last 2-3 years?

The biggest advance in the past few years has been the rapid development, and adoption, of sender identity technologies. This is a direct response to the fact that the vast majority of phishing attacks (89%, according to a study by Barracuda) use impersonation, either of trusted brands or of a person the recipient knows. Fake identities make these phishing emails harder for traditional defenses to detect, and they often fool recipients completely.

Sender identity validation helps ensure that messages from untrusted senders don’t get delivered to the inbox in the first place.

One example of such technology is DMARC (Domain-based Message Authentication, Reporting & Conformance), which is now widely accepted and used as a global standard. It addresses one of the most critical parts of the problem — domain spoofing — and it’s encouraging to see how rapidly organizations are adopting DMARC and moving to enforce DMARC policies in the past few years.

We can think of criminals as being a step ahead in using cutting edge technologies, artificial intelligence, and “dark data” to break into systems. What other technologies can you name here?

The fact is, most cyber criminals are not evil geniuses using the most advanced technologies. They tend to use widely known malware kits that are available on the dark web, make a few tweaks, and then embed their payloads into phishing websites. Then they whip up an email marketing campaign to send out phish to unsuspecting targets.

The biggest advance in recent years is that attackers are now using artificial intelligence and other techniques to create highly variable, changeable email campaigns in order to evade detection. According to Google, the average phishing campaign lasts only 7 minutes. Then the attackers tweak their email templates and create a new campaign. As a result, 68% of all phishing attacks Google spots have never been seen before. If your email defenses are predicated on identifying malicious content, these attacks will get through.

What makes DMARC a global security barrier against phishing?

DMARC lets domain owners control who (which cloud services or mail servers) are allowed to send email “From” their domains. It is an authentication standard that tells the world “only allow these senders to send as me.

All other senders should be blocked.” It works because the vast majority of inboxes worldwide do DMARC checks on all inbound mail. It protects the domain owner from being phished by criminals impersonating their domain both inside the company and globally.

If an incoming message appears to come from a domain that has configured DMARC, but it doesn’t come from a sender authorized by that domain, it will fail authentication. In a world where 2/3rds of phish have no historical pattern nor data to latch on to, creating what is effectively a “zero trust” approach is the right solution at the right time.

Furthermore, DMARC lets domain owners set a global policy on what happens to those messages that fail authentication, both inside and outside the company. They can set a DMARC policy to tell mail servers to do nothing, to send the failing messages into recipients’ spam folders, or to delete them entirely. The latter two policies are known as “DMARC enforcement.”

DMARC is also significant because it’s the only authentication standard that actually gives domain owners control over the email address that appears in the “From” field of messages. Since that’s the field that recipients actually see, DMARC is very effective.

There are other types of phishing that don’t spoof domains like this, but they are easier to detect and prevent. Configuring DMARC — with an enforcement policy that directs non-authenticating email into spam or trash — lets domain owners eliminate the most damaging types of phish.

What kind of reporting and analytics is Valimail DMARC offering to Twilio SendGrid users?

Valimail Enforce and our free DMARC visibility tool, Valimail DMARC Monitor both have the industry’s most advanced, most comprehensive DMARC reporting and analytics technologies. Valimail can automatically and accurately identify thousands of different email-sending services, with new ones being added to our catalog every day.

Through our partnerships, we can even determine which email service provider a given service is using under the hood, a common situation for services leveraging Twilio SendGrid’s API. DMARC Monitor can be utilized by Twilio SendGrid customers at no cost, enabling them to quickly get unmatched visibility into outbound mail streams, authentication issues, and spoofing attacks.

How would the partnership between Twilio SendGrid and Valimail protect users? What kind of infrastructure/ organizational policies does one need to meet DMARC requirements that you provide?

The primary benefits are:

1. The partnership protects your brand. We prevent fake emails pretending to come from you (“click here” “enter password” “sign in” etc). from landing in your clients’ inbox.
2. It protects your employees from getting phished by criminals sending email to you as your boss, co-worker, etc.
3. It improves email deliverability. Mailbox providers rely heavily on domain reputation to make filtering decisions. By blocking the unauthorized use of your domain, you are ensuring only the legitimate email is factored into your reputation.
4. It automatically and immediately lists all third-party senders who send email as you, enabling a global audit of your senders as well as ongoing visibility. This gives you the ability to organize and authorize third parties — a big improvement over the current “wild west” most companies endure.
5. It enables compliance with regulations such as GDPR and CCPA.

How can any company attest to privacy laws if they don’t know who is sending email as them?

DMARC — with an enforcement policy — is recommended by many government agencies and industry groups around the world, as well as by most major email providers, because it provides the most reliable protection against domain spoofing. And that type of impersonation accounts for some of the most pernicious and hardest-to-detect phishing attacks.

The reporting and analytics tools from Valimail will make it easier for Twilio SendGrid customers to identify and authenticate the legitimate services they’re using, enabling users to get to DMARC enforcement faster than they can on their own — or with any other provider of DMARC services. In addition, the automation in Valimail Enforce lets a Twilio SendGrid customer make updates to SPF, DKIM, and DMARC with one click in the interface as needed, with no need to make changes directly in DNS, which can be manual, tedious and time consuming.

Finally, DMARC at enforcement is required to take advantage of emerging standards like BIMI, which extends the benefits of DMARC to brand reputation, allowing a marketer to display a company logo directly in a mail client, leading to increased opens and clicks and a richer inbox experience.