Email authentication as a weapon in the fight against ransomware

Nov. 10, 2023
Authentication tools are growing in importance because they can prevent domain impersonation

Email is one of the main forms of modern communication, and the only independent one, with the global email user base hitting 4.26 billion at the end of 2022. Given email’s prominence, it is naturally a popular channel for fraud.

This is especially the case for ransomware. With a successful ransomware attack costing organizations an estimated average of $4.5 million even before any ransom is paid, closing ransomware attack vectors is a top priority. Yet, despite email being such a hot target for ransomware attackers, many organizations could be doing much more to protect themselves.

Ransomware, phishing, and today’s attack prevention toolbox

In 2022, 97% of companies experienced one or more phishing attack attempts. New tools, like generative AI, have helped drive this trend by enabling cybercriminals to rapidly mass-distribute highly tailored phishing emails. This development has undermined security approaches that rely on analyzing the body of a message to detect phishing or spoofing attempts. As a result, many leaders are realizing the importance of authentication tools that can spot fraudulent emails at the domain level.

Authentication tools are growing in importance because they can prevent domain impersonation, which most phishing campaigns leverage. This is where an attacker’s email address impersonates a legitimate domain, enabling them to disguise themselves as known contacts. This makes it substantially more likely that a recipient will open a ransomware-laden attachment or link, as they are under the impression that they can trust the sender.

SPF, DKIM, and DMARC

Domain authentication protocols come in a trifecta – SPF, DKIM, and DMARC.

  • Sender Policy Framework (SPF): Lists all servers or services that are permitted to send emails from a domain.
  • DomainKeys Identified Mail (DKIM): Signs all legitimate outbound emails with a cryptographic key that is used to verify the sender's legitimacy.
  • Domain-based Message Authentication, Reporting & Conformance (DMARC): Allows email senders to publish policies in their DNS records, which instruct email receivers on how to handle unauthenticated emails purportedly from their domain, providing a way to reduce email fraud and spam.

SPF, DKIM, and DMARC provide a comprehensive solution to domain impersonation, halting phishing attempts and other email attacks meant to steal information and inject ransomware.
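As an added illustration (not part of the original article), the Python example below audits the SPF and DMARC TXT values a domain publishes for settings that leave impersonation unblocked, such as a monitoring-only DMARC policy. The domains, records and function names are constructed for the example, and no DNS lookup is performed.

```python
# Added example: constructed domains and TXT values, no DNS lookup is made.

def parse_dmarc(txt):
    """Split a DMARC TXT value into {tag: value}; tags are ';'-separated."""
    pairs = (part.partition("=") for part in txt.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, _, value in pairs}

def audit_dmarc(txt):
    """Return findings for one DMARC record; an empty list means enforced."""
    tags = parse_dmarc(txt or "")
    if tags.get("v") != "DMARC1":
        return ["no valid DMARC record published"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: no action is requested on failing mail")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or invalid p= tag")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports are sent")
    return findings

def audit_spf(txt):
    """Return findings for one SPF record, judged by its 'all' term."""
    terms = (txt or "").lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["no valid SPF record published"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:  # a redirect= modifier hands the decision to another record
        delegated = any(t.startswith("redirect=") for t in terms)
        return [] if delegated else ["no 'all' term: unlisted senders not failed"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' is +all
    return [f"{qualifier}all: unlisted senders not failed"] if qualifier in "+?" else []

SAMPLES = {  # constructed records, keyed by constructed domain
    "weak.example.com": ("v=spf1 include:_spf.example.net ?all", "v=DMARC1; p=none"),
    "strict.example.com": ("v=spf1 ip4:192.0.2.10 -all",
                           "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
}

def audit_domain(domain):
    """Combine SPF and DMARC findings for one constructed sample domain."""
    spf, dmarc = SAMPLES[domain]
    return audit_spf(spf) + audit_dmarc(dmarc)

if __name__ == "__main__":
    print({domain: audit_domain(domain) for domain in SAMPLES})
```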

Despite the benefits that come with implementing DMARC-inclusive solutions, they are still vastly underutilized by organizations across industries. One of the most notable examples is education, with less than 8% of universities in the US leveraging DMARC on email domains.

The combination of DMARC and rigorous email authentication is a strong and efficient weapon available to everyone in the battle against ransomware. With phishing emails growing more convincing and sophisticated, it’s a capability that organizations can’t afford to miss out on. 

Gerasim Hovhannisyan is a serial entrepreneur, CEO and co-founder at EasyDMARC, a B2B SaaS that solves email security and deliverability problems in just a few clicks. An early-stage disruptor in the DMARC deployment & monitoring market, EasyDMARC has helped over 45,000 companies from 130 countries stop a wide range of targeted email attacks and safeguard their sensitive PII and revenue.

Over the past 15 years, Gerasim has held many distinct roles in the IT industry, having started as a network engineer when he was still in high school. His longest-tenured role was working as the Infrastructure Director at Picsart, the world's largest creative platform and social editing app.

He is also a regular speaker at conferences, and he covers a wide range of popular topics, including business strategy, international team building, distributed infrastructure management, and cybersecurity.