CASE STUDY DMARC ANALYZER

Case study: UK Financial Services Authority

This case study is based on a collaboration with a UK Financial Services Authority, hereinafter referred to as the “client”. At the client's request for confidentiality, this case study does not contain the real name of the client.

What were the goals of the project?

The client approached DMARC Analyzer with the intention of finding a trustworthy partner for the brand protection of this prestigious financial institution. The client wanted to ensure that customers only receive legitimate emails on behalf of its domains. In the initial stages of the project, the client had strong reasons to believe its domains had been used for spoofing and phishing attacks. The DMARC Analyzer app was used to gain more insight into these activities and to analyze the sending sources and domains, in order to protect the client’s domains from further spoofing.
 

Challenges at the start of the project

The challenges that made DMARC Analyzer necessary as an executing party:

  • Domains were not controlled centrally and had many different (registration) owners
  • There was no insight into the traffic of the email channels
  • It was unclear which sources were sending email on behalf of the client
  • Domains only had SPF authentication, but no DKIM
  • Domains were being abused in spear phishing attacks

 

Project goals

The main project goals of this DMARC deployment project:

  • Map and centralize all domains the client owns
  • Gain visibility into the outbound email traffic of their domains
  • Identify sources sending email on behalf of the client
  • Get DKIM and SPF fully aligned
  • Mitigate the impact of phishing, spoofing and other attacks
  • Enforce DMARC policy per domain group (project stage)
  • Monitor anomalies in the email channel and email-related DNS records

 

How did the project go?

During the collaboration between the client and DMARC Analyzer, maintaining trust was one of the most important project goals. For a trusted financial institution, maintaining the trust of its clients is one of the most sensitive and important goals. DMARC Analyzer proposed a very aggressive approach and instructed the client on how to implement a reject policy on all 110 domains as soon as possible. By doing so, the domains were quickly protected against abuse. The DMARC Analyzer app provided insight into the phishing attempts made on behalf of the domains concerned, as well as into which sources needed to be authenticated properly.
 

Main achievements

During the collaboration, 130 domains were placed on a reject policy, and all legitimate senders have DKIM and SPF in place.

  • Gained full insight into the email channel
  • Authenticated all email with a DKIM signature
  • Moved towards an enforcement policy on all 160 domains
  • Mitigated the effect of phishing, spoofing and other attacks
  • Improved deliverability

 

Other goals:

  • All domains and sources sending email on behalf of the client are currently identified & authenticated
  • All domains are now centralized in one place
  • The effect of phishing, spoofing and other attacks is mitigated
  • Deliverability of the emails has improved