It’s no great insight to recognize that humans are social creatures.
We’ve communicated with each other in various ways for centuries, always seeking innovative and effective ways to truly connect. Our prehistoric efforts at cave paintings demonstrate our deep need to share our experiences. And we’ve continued over millennia, trying to get our messages across to more and more people, faster and faster. We didn’t consider the possibility that those messages could be fraudulent. Who fakes a cave painting?
Once, we shared stories around firepits, with bards memorizing the tales that brought people together, stories that built cultures. When we had paper and ink, we vastly broadened our reach, mailing letters that sometimes took months to reach their destinations.
And still, we sought better, faster, wider communications methods.
When the postal service began transporting letters all over the world, it was easy to look at the return address: there was the imprimatur of the sender, the bona fides literally stamped onto the envelope. When your grandparents sent your birthday card, you knew without a doubt it was from them.
Decades later when a few academics created email, they didn’t concern themselves with security. They knew and respected each other and used email to share their knowledge, insights, and research. No one doubted the provenance of their communications.
Then things really exploded.
Today, we send the most private, personal information we have over email. We sign contracts for thousands, if not millions, of dollars for real estate via Docusign, through a link that we access via email. We approve purchases, launch into websites, and download documents—all through email.
But there is always another side to the history of human communication: those who also seek innovative and effective ways to connect. Their goals are simple—to take what is yours and use it to defraud others. With phishing rampant, our communications can take on a sinister aspect. No longer can we simply glance at the handwriting and stamp on an envelope. No longer can we assume benign intent on the part of fellow academics.
Now we must be cautious. Now we must scrutinize our emails to ensure they truly come from whom they say they do. And we absolutely must protect our own domains to keep the bad guys from using our good name and reputation for their corrupt gains.
That’s not easy. There’s a veritable alphabet soup of acronyms for protecting email. Is it AI, DKIM, ML, or SPF? A little of this, a little of that? The truth is, even for security professionals, protecting this essential method of communication can be a significant challenge, both in time and knowledge.
Taking a layered approach starting with Domain-based Message Authentication, Reporting, and Conformance, or DMARC, is our best, most effective means of protection. Yet even companies that “do DMARC” only reach enforcement, or full protection level, 15% of the time. It turns out this excellent method of protection can be difficult and unwieldy to deploy without comprehensive information and a lot of time.
If you’re ready to learn more about DMARC and how it can protect your domains from phishing and from being used to phish, read more here. Don’t just put DMARC on your security to-do list: Get the information you need to deploy and reach enforcement quickly and effectively.
It’s the next step in the history of human communication.