Check Point Email Security | Blog

Why You Need DMARC and DKIM...And Much More Besides

Written by Jeremy Fuchs | August 30, 2022

DMARC (Domain-based Message Authentication, Reporting and Conformance) lets organizations know that the sender has permission to send from an email server.

For example, when a message passes DMARC, the recipient can be confident that the sender has permission to send from that email server. It is one way to check a message's authenticity. DKIM (DomainKeys Identified Mail) lets organizations put their stamp of approval on a message by signing it cryptographically, so that the signature can be checked against public and private records.

Are DMARC and DKIM a Be-All End-All for Stopping Attacks?

In a word, no. When an email fails DMARC, it is often a sign that something is amiss. But hackers don’t only spoof legitimate domains to carry out attacks. An email could pass DMARC and DKIM and still be suspicious, because attackers use a number of other tactics to get into the inbox. For example, many phishing attempts are true zero-day campaigns; the hackers use a variety of techniques to get past default scanners, from SiteCloak to SLYKin to HTML attachments to Sway to thousands of others. Or they use Business Email Compromise techniques. There's a reason that one-quarter of phishing emails bypass O365 security.
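To make the point above concrete, here is an added example (not from the original post or from any Check Point or Avanan product) that reads the `Authentication-Results` header a receiving server stamps on a message. The sample messages, the server name `mx.example.net`, the `.example` domains and the `expected_domains` allow-list are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: our own receiving server identifies itself as mx.example.net.
# Authentication-Results headers stamped by anyone else are not trusted.
TRUSTED_AUTHSERV = "mx.example.net"

# Constructed sample: someone forges the real domain, so DMARC fails.
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bank.example;
 dkim=none;
 dmarc=fail header.from=bank.example
From: "Bank Support" <support@bank.example>
Subject: Verify your account
"""

# Constructed sample: sender owns a different domain and authenticates it fully.
LOOKALIKE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bank-alerts.example;
 dkim=pass header.d=bank-alerts.example;
 dmarc=pass header.from=bank-alerts.example
From: "Bank Support" <support@bank-alerts.example>
Subject: Verify your account
"""

def auth_verdicts(raw, trusted=TRUSTED_AUTHSERV):
    """Extract SPF/DKIM/DMARC results and the From domain from one message."""
    msg = message_from_string(raw)
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != trusted:
            continue  # header may have been inserted by the sender
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
            verdicts[method.lower()] = result.lower()
    verdicts["from_domain"] = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    return verdicts

def triage(raw, expected_domains):
    """DMARC answers 'is this really from_domain?', not 'is from_domain benign?'."""
    v = auth_verdicts(raw)
    if v["dmarc"] != "pass":
        return "dmarc-fail"
    if v["from_domain"] not in expected_domains:
        return "authenticated-unexpected-domain"
    return "authenticated-known-domain"
```

With `expected_domains={"bank.example"}`, the forged message is caught by DMARC, while the second message passes SPF, DKIM and DMARC and is only flagged by the extra domain check, which is the kind of additional signal the post argues for.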

What’s needed, rather, is a phishing algorithm that looks at over 300 indicators to determine whether a message is legitimate. Avanan does that, and leverages ThreatCloud, the world’s largest threat repository, to identify more zero-day attacks than anyone else. DMARC and DKIM are just one thing to look at. A company that begins to implement DMARC will stop more attacks. But a robust phishing protection program that utilizes advanced AI and ML to look at the entirety of a message will stop everything.