Case study petrochemical company

This case study is based on a collaboration with one of the largest petrochemical companies in the Middle East, hereinafter referred to as the “client”. At the client's request for confidentiality, this case study does not contain the client's real name.

DMARC case study

What were the goals of the project?

The client approached DMARC Analyzer to stop spoofing and targeted phishing attacks on their domains. The client wanted to use DMARC Analyzer to focus on brand protection and on countering Business Email Compromise (BEC) attacks. At the time, the client was already sure they were being heavily spoofed, since targeted phishing campaigns had already been hurting them. The DMARC Analyzer application was used to gain insight into the client's full email channel, and it turned out that they were heavily spoofed, with over 3,000 malicious sources sending email as if it originated from one of their 100 (sub)domains.

Challenges at the start of the project

The challenges that made DMARC Analyzer necessary as the executing party:

  • Trouble publishing DNS records (DMARC / DKIM / SPF)
  • No insight into the outbound email channel
  • Intercontinental third parties sending email on behalf of the client
  • Authorized sources were incapable of sending DMARC-compliant emails
  • Low usage of authentication techniques (SPF and DKIM)


Project goals

The main project goals of this DMARC deployment project:

  • Gain visibility into the outbound email traffic of their domains
  • Get DKIM and SPF fully aligned
  • Mitigate the impact of phishing, spoofing and other attacks. Enforce DMARC policy per domain group (project stage)
  • Monitor anomalies in the email channel and email-related DNS records
  • Reach the reject policy on all domains as soon as possible


How did the project go?

After the client was onboarded and DMARC reporting was enabled, the DMARC Analyzer app revealed a large number of sources sending email on behalf of the client. Since there was no direct access to all owned domains and their DNS, setting up all legitimate sources with SPF and DKIM proved challenging. On top of this, the client operates in many different countries, which made communication between the different teams hard. DMARC Analyzer proposed a segment-based approach to ensure quick results. This ensured that progress was made on all domains simultaneously and that the DMARC policies could be enforced sooner.

Main achievements

During the collaboration, 100 (sub)domains have been placed on a reject policy. All intercontinental third-party senders have been authenticated with SPF and DKIM, and the email volume from incapable sources has been moved to capable sources. Based on the DMARC reporting data received by DMARC Analyzer, the following results have been achieved:

| Metric | Zero measurement | Final measurement |
|---|---|---|
| Total number of blocked malicious messages | 0 | 500k+ per month |
| Number of malicious sources | 2000+ | 100+ |
| Number of delivered malicious messages | 1 million per month | 0 |
| Number of unauthenticated legitimate sources | 14 | 0 |
| Number of domains with a reject policy | 0 | All domains |


“With the help of the DMARC Analyzer Deployment Specialist, in combination with the DMARC Analyzer software solution, we were able to identify more than 2000 sources using our main domain on a daily basis, sending more than 1 million messages per month. With the help of DMARC Analyzer we reached the enforcement stage in 6 months, and 6 months later the number of malicious sources was reduced by more than 80%.”