CASE STUDY DMARC ANALYZER
This case study is based on a collaboration with one of the largest petrochemical companies in the Middle East, hereinafter referred to as the “client”. At the client's request for confidentiality, this case study does not contain the client's real name.
The client approached DMARC Analyzer in order to stop spoofing activities and targeted phishing attacks on their domains. The client wanted to use DMARC Analyzer to focus on brand protection and countering Business Email Compromise (BEC) attacks. At the time, the client was already sure they were heavily spoofed, since targeted phishing campaigns had already been hurting them. The DMARC Analyzer application was used to gain insight into the client's full email channel, and it turned out that they were heavily spoofed, with over 3,000 malicious sources sending email as if it actually originated from one of their 100 (sub)domains.
The challenges that ensured DMARC Analyzer was needed as an executive party:
The main project goals of this DMARC deployment project:
After the client was onboarded and DMARC reporting was enabled, the DMARC Analyzer app revealed a large number of sources sending email on behalf of the client. Since there was no direct access to all owned domains and their DNS, setting up all legitimate sources with SPF and DKIM proved challenging. On top of this, the client operates in many different countries, which made communication between the different teams hard. DMARC Analyzer proposed a segment-based approach to ensure quick results. This ensured that progress was made on all domains simultaneously and that the DMARC policies could be enforced more quickly.
During the collaboration, 100 (sub)domains were placed on a Reject Policy. All intercontinental third-party senders were authenticated with SPF and DKIM, and the volume of incapable sources was moved to capable sources. Based on the DMARC reporting data received by DMARC Analyzer, the following results were achieved:
| | Zero measurement | Final measurement |
|---|---|---|
| Total number of blocked malicious messages | 0 | 500k+ per month |
| Number of malicious sources | 2000+ | 100+ |
| Number of delivered malicious messages | 1 million per month | 0 |
| Number of unauthenticated legitimate sources | 14 | 0 |
| Number of domains with a reject policy | 0 | All domains |
“With the help of the DMARC Analyzer Deployment Specialist, in combination with the DMARC Analyzer software solution, we were able to identify more than 2000 sources using our main domain on a daily basis, sending more than 1 million messages per month. With the help of DMARC Analyzer we reached the enforcement stage in 6 months, and 6 months later the number of malicious sources was reduced by more than 80%.”