Email Security Intelligence - Defending Against COVID Email Spoofing Attacks with DMARC

COVID has enabled cybercriminals to refine and improve their attack techniques to cause reputational harm, data loss, financial damage, and significant downtime for organizations. Guardian Digital identified more phishing email attacks in April 2020 than in any other month since the company’s inception in 1999.

This type of threat follows the trend Google studied, where about 18 million COVID-related phishing emails and malware attacks occurred daily over one week in April 2020. With new email security issues developed daily, businesses must determine how to protect employees from email spoofing and phishing email scams. This article will explain DMARC email authentication, how it can secure email, and other email security best practices you can implement for email protection.

What is DMARC? How Does it Work?

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication protocol that verifies sender identities to keep employees safe. DMARC email authentication prevents identity theft by verifying all inbound email messages and ensuring all senders are who they claim to be. This protocol allows email security providers and domain owners to ensure email phishing prevention on their servers, mitigating the risk of email spoofing, phishing email attacks, sender fraud, Business Email Compromise, and more. 

On DMARC, you can create Domain Name System (DNS) entries that receivinspf dkim dmarcg email servers can utilize to verify your identity and vice versa. This email security software ensures that you only see legitimate messages in your inbox, and the server with quarantine emails that seem suspicious rejects them if they pose a threat. DMARC email authentication can provide an extra layer of email protection between your employees and external email senders.

Guardian Digital CEO Dave Wreski warns, “Just as you prioritize frequent hand washing, wearing a mask in public, and keeping a six-foot distance from others, businesses and users must prioritize digital security in this dangerous, uncertain time. Now is not the time to overlook the importance of effective email security.” Staying safe online as we switch to hybrid and remote work is just as valuable as keeping your physical space clean during the pandemic.

How Can I Secure Email With DMARC?

To utilize DMARC email protection software properly, users must configure settings so that the server works to meet business needs. The defense-in-depth, effective email security strategy is excellent to implement, but simply installing DMARC will not permit it to provide its full capabilities to users. Consider pairing DMARC with a multi-layered approach like Guardian Digital EnGarde Cloud Email Security. EnGarde can reinforce DMARC policies when protecting clients from email spoofing, malware ransomware, and phishing email attacks. The most common and popular domains that protect users through EnGarde include the following:

  • (World Health Organization)
  • (Center for Disease Control and Prevention)
  • (Department of Health and Human Services)
  • (Internal Revenue Service)
  • (US Dept. of the Treasury)

With DMARC email authentication in place, EnGarde can help verify whether or not our clients are receiving messages from legitimate senders and reject any spear phishing emails, messages from compromised email addresses, or other email threats. Users can look at DMARC signatures to ensure every message has proper coding instead of a spoofed email signature. Below, we have included the “dig” command on the DMARC record so your domain can check signatures:

# dig +short txt

"v=DMARC1; p=none; pct=100; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.; ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.; fo=1; adkim=r; aspf=r; rf=afrf; ri=86400; sp=none"

Through DMARC email authentication, users can combat email threats that cybercriminals had the time to develop during and following the COVID-19 pandemic. Implementing DMARC with comprehensive, multi-layered cloud email security software is essential to keeping your employees, clients, and businesses safe.

EnGarde offers a variety of other benefits, such as 24/7/265 remote monitoring and management, an accessible, transparent Dashboard for users, and proper communication. Such practices ensure that EnGarde clients always know what is happening regarding email threats on their servers.

What Other Tactics Can I Use for Email Protection?

cybersec tipsWhile installing DMARC is a tremendous overarching solution to email security, it is valuable to consider a few other tips you can implement daily to reduce your chances of facing email threats. Therefore, we have compiled a list of best practices for email security we recommend you utilize and share with coworkers so everyone can stay safe:

  • Install a Virtual Private Network (VPN) that can protect your online communications when you work utilizing public Wifi.
  • Practice sandboxing malware and set up malware URL scanners on your server so you can prevent malicious code from entering your server.
  • Scan for cybersecurity vulnerabilities frequently so you can employ patching as needed.
  • Approach every email cautiously and inspect them for irregular behaviors, reporting to IT security professionals if you deem anything unsafe.
  • Stay up-to-date on the latest email security threats that threat actors develop by subscribing to newsletters and websites that can notify you about risks that you might face on your cybersecurity platforms.

These best practices for email security, among others, can help keep your organization safe so you never face data loss, reputational harm, or significant downtime.

Keep Learning About Email Spoofing Protection

Proper email security is crucial to helping your business thrive while supporting employees and users. DMARC email authentication can significantly improve security posture by preventing phishing email attacks, email spoofing, and various types of ransomware.

Are you interested in obtaining a defense-in-depth advanced threat protection service that keeps email threats out of your inbox? Consider fully managed cloud email security solutions like Guardian Digital EnGarde Cloud Email Security. Reach out to us to navigate cybersecurity platforms and to see how strong your current system is against threats with a free security assessment. Partner with a leader in the industry today by emailing This email address is being protected from spambots. You need JavaScript enabled to view it.

  • Learn about a comprehensive email security solution that can help you gain a more profound knowledge of your online interactions and relationships.
  • Prepare your business for cyberattacks to make sure employees stay safe online.
  • Implement best practices for email security that prevent breaches and other risks.
  • Get the latest updates on how to stay safe online.

Must Read Blog Posts

Latest Blog Articles