As cybercriminals seek to take advantage of the COVID-19 pandemic by exploiting government and international organizations such as the CDC, WHO, and NHI, Twilio SendGrid is excited to announce a partnership with Valimail to provide turnkey solutions that better protect customers’ sending domains. Twilio SendGrid processes over 50 billion emails every month, meaning we touch over half of the world’s unique email users on a rolling 90-day basis. With such massive scale and reach, it’s imperative that we protect recipients’ guarded information and credentials from dangerous phish.
Twilio SendGrid customers will be able to monitor and analyze DMARC reports, utilizing Valimail’s DMARC Monitor and DMARC Enforce solutions, to further protect their email domains from impersonation and comply with industry best practices by reaching DMARC enforcement. These solutions will enable customers to deploy email authentication with greater insight into the health of their sending domains.
“Cybercriminals never let a crisis go to waste. Phishing has surged to exploit the uncertainty and fear at a time people are working from home, far away from IT support and with an even higher reliance on email. Impersonation is the attack vector used by 90% of spear phishing attacks—email sent as your co-workers, your boss, or a trusted organization — and domain spoofing poses unique challenges for both detection and prevention. Twilio SendGrid has long been a leader in email security and deliverability and we are excited to partner with them to provide their customers solutions for DMARC enforcement.” – Valimail CEO Alexander García-Tobar
Understanding the Problem
DMARC, an internet standard, empowers customers to establish policies around who, what, and which cloud services can send email from their domain. “Domain spoofing” is when a company’s domain is impersonated, which is typically motivated by malicious intent, such as phishing. At a minimum, 1% of global email volume is sent using a spoofed domain. These attacks can cause monetary losses, damage your brand’s image, and cause email deliverability issues. According to the FBI, losses totaled over $26 billion from 2013 to 2019 for Business Email Compromise/Email Account Compromise (BEC/EAC).
DMARC provides visibility into the platforms and services using your domain to send email. This visibility isn’t just necessary to mitigate bad senders, it also helps bring legitimate services and senders into compliance and allows domain owners to take stock of their total mailing footprint. In addition to visibility across your entire mailing program, you’ll know exactly where SPF and DKIM are failing, along with alignment of your “from domain.”
Domain alignment is when the from domain (RFC 5322) matches the SPF and DKIM domains. For DKIM, the message’s from domain and “d=” domain must match. Similarly for SPF, the from domain and the “return-path” domain must match. This is a very important concept to understand because it’s where the value of DMARC really shines. Cyber criminals can simply configure SPF and DKIM in an attempt to look legitimate, but aligning authentication with the from domain they’re spoofing is nearly impossible.
We put together a DMARC Pass/Fail Matrix to help visualize alignment. Messages 1 and 2 both have SPF and DKIM, but message 2 fails alignment because the “from” domain (domain.com) is different than the SPF and DKIM domains (other.com).
DMARC Enforcement
Implementing a “reject policy” (p=reject) is the ultimate goal and last step to preventing malicious email from being delivered to your subscribers. This policy instructs participating mailbox providers to outright reject any mail that fails both DKIM and SPF checks. There is a less strict policy called “quarantine” (p=quarantine), which is still considered a DMARC enforcement status. Rather than the outright rejection, this policy will deliver messages to the spam folder if both DKIM and SPF checks fail.
Unfortunately, reaching a “reject policy” can be difficult. The average company uses 129 applications, an increase of 68% in the past four years. All services sending mail need to be authenticated correctly and authorized to do so. As a result, it can take months of collaborating with teams across an organization to track down all the responsible parties and update them as you grow. Twilio SendGrid is offering two solutions to help customers monitor their DMARC reports and reach DMARC enforcement as quickly and painlessly as possible.
DMARC Monitor provides Twilio SendGrid customers with an easy to use interface and enables your organization to make intelligent decisions based on your DMARC data. Unique among DMARC solutions, DMARC Monitor For Twilio SendGrid displays sending services using your domain to send email by name, not by IP address, it can identify which ESP any given cloud service may be using, and it can accurately identify any of more than 5,500 different sending services. The tool also identifies where SPF and/or DKIM failures are occurring, and if any “suspicious” senders are abusing your domain. You’ll gain visibility into all platforms sending email from your domain.
Twilio SendGrid chose to partner with Valimail because their Enforce solution has the industry’s highest rate of getting customers to DMARC enforcement, and even provides a guarantee. This solution enables customers to completely automate your DKIM and SPF configurations, which means the days of manually creating DNS records can be a thing of the past. Additionally, it allows customers to authorize approved services with just one click.
I’m a Twilio SendGrid Customer – what’s next for me?
Whether you’re using Twilio SendGrid to send marketing messages, transactional messages, or both, DMARC can help improve your deliverability and stop bad actors. Sign up for DMARC Monitor for Twilio SendGrid, free of charge, to immediately see who is sending email as your domain, both legitimately and maliciously, and take the first step to protecting your domains from impersonation, increase deliverability, and improve brand reputation.