Blog

  1. Home
  2. chevron_right
  3. Blog

2FA and DMARC

2-factor authentication has become more vulnerable to attacks, making DMARC even more important. Recently, a researcher in named Piotr Duszyński released an open source project that allows attackers to automate a phishing attack that bypasses 2-factor authentication. The new tool,…

The Value (and Risk) of DMARC Quarantine

Protect your paycheck! Direct deposit make depositing your paycheck automatic and simple… Until something goes wrong. That’s what recently happened to several Wichita State University (WSU) employees. They received an email with a link prompting them to login using their…

Email Spoofing and your Bank

Alert!! STCU is warning members about a phishing email that is circulating in an attempt to steal login credentials from members. Phishing and Your Bank According to the report, there is an “official-looking” email claiming to be from STCU (Spokane…

DMARC in Higher Education

There was another news article about universities that became the targets of a phishing attack. Unfortunately, it wasn’t a very big headline since it is all too common for a university to be targeted. An article from bleepingcomputer.com stated that…

How to Verify an Email’s Sender

You have an email. It looks legit and you really want to click that link, but how do you verify that it’s not a phishing scam (and you’re about to give away personal information, money, or access to your accounts or…
Cloudflare instant setup Instructions for DMARC

Instant Setup Instructions For Cloudflare Users

Great News! Your domain registrar supports instant setup of DMARC reporting and SPF compression! Get started today without any complicated DNS changes. But how? In order to set up a domain with Fraudmarc, you need to have control of that…
GoDaddy Instant Setup Instructions

Instant Setup Instructions For GoDaddy Users

Great News! Your domain registrar supports instant setup of DMARC reporting and SPF compression! Get started today without any complicated DNS changes. But how? In order to set up a domain with Fraudmarc, you need to have control of that…
Stop Spoofing Gmail

Stop spoofing Gmail!

Almost everyone has a personal Gmail account, maybe two or three. But Gmail is not meant to be used for businesses to send email, even small business, even tiny businesses. Gmail obviously doesn’t want you to misuse their service like…
DMARC forensic/failure reports

Failure/Forensic Report? What’s that?

What is a forensic report? There are two types of DMARC reports. The aggregate reports and the failure reports (also called forensic reports). Data from aggregate reports are included most basic DMARC reports and can be viewed in Fraudmarc’s DMARC…
Emmys phishing 2018

The Emmy Results Really Could be Skewed

Nathan, this is for you: You may have seen the video in which Nathan Fielder interviews a voting security expert who describes a scenario that could be used to skew the results of the Emmys. The plan is very detailed…
how to send a spoofed email

How to send a Spoofed Email

Sending an email from an email account that you don’t control is called email spoofing. The problem with spoofed messages compared to other phishing messages (e.g. Nigerian Prince schemes) is that spoofed emails usually impersonate someone the recipient trusts. Essentially,…
Oklahoma phishing Attack

Phishing is NOT ‘OK’

Oklahoma state auditor’s office has become the target of a phishing attack. We’ve been warning that state governments need to start using email authentication; this is exactly why!   According to this article, there’s an email circulating claiming to be…
Why Fraudmarc offers hosted plans for DMARC

How (and Why) Fraudmarc Plans Are Hosted

You’ve added a domain to protect with Fraudmarc, Great! Welcome to Fraudmarc. The next step is setting up your domain with Fraudmarc. Here’s a little bit about how Fraudamrc works and why we’ve set things up this way. What does…
Why you have to wait for DMARC Reports

Why You have to Wait for DMARC

You just finished setting up DMARC for your domain. Congratulations! You’re on your way to securing your domain. Now, you have to… wait a little… We all hate waiting, but it this case it’s necessary to wait at first. DMARC…
DMARC improves Email Security

Challenge: Does DMARC Really Increase Email Security?

We’ve been helping businesses with SPF, DKIM, and DMARC for years, so we’ve heard a lot about it. People like to make outrageous claims about it. As a result, there’s a lot of misinformation out there. We recently came across…
MassCEC spear phishing attack

Another Successful Spear Phishing Attack

According to the Boston Herald, The Massachusetts Clean Energy Center fell victim to a business email compromise scam (BEC scam), which is a type of phishing attack also called spear phishing. Spear phishing? In spear phishing scenarios, the attacker sends…
A brief history of DMARC

A Brief History of DMARC

Fraudmarc is changing the way business think about email authentication by providing universal access to DMARC through free tools, free and paid options of hosted plans, and Fraudmarc CE, the open source version of Fraudmarc’s DMARC report processing. Fisrt the…
Fraudmarc white paper

How Fraudmarc Is Spreading DMARC Across the Internet

DMARC. It solves a widespread and costly problem, and it’s been around for over 6 years. So why is it still rare for domains to use its protection? Several factors interfere with proper DMARC implementation- It’s not well understood, the…
Fraudmarc CE- Open Source DMARC reporting

Fraudmarc CE: Open Source DMARC

 DMARC has been around since 2012, yet adoption is still below 0.1% across the Internet… and spoofed emails still plague many businesses, damaging brand reputations and cause substantial loss. DMARC’s value as a security measure is widely recognized; governments have…

2017 FBI Internet Crime Report

It all starts with phishing… This month, the FBI released its 2017 Internet Crime report, which details the amount and type of internet crime reported over the year. According to the report, 3 primary types of attacks were reported- Email…

What DMARC Can (& Can’t) Do for Domains

Click to Enlarge Every domain should implement DMARC; it solves many email security problems. However, like all solutions, it has some limitations. It can’t completely protect domains from every type of phishing scheme or social engineering attack. As an open…
SPF- Avoid Overly permissive All Terms

Overly permissive ‘all’ terms

commentNo Comments
+all your domain are belong to them When you allow email to be sent on behalf of your domain by anyone anywhere, then your domain does in a sense belong to anyone who wants it. A common error made by…

How to Implement a Reject Policy

Click to Enlarge Image If you don’t have a DMARC Reject policy on your domain, you’re not alone—97% of Fortune 500 companies don’t have a Reject policy, either. Following some basic guidelines can make implementing a Reject policy easier. Here’s…
DMARC and state governments

DMARC and State Governments

You may have heard that the DHS mandated DMARC for all federal agencies last year. Many federal agencies are still working on it, despite the expired deadline. But what about state governments? There has been no mandate for state governments.…

Understanding Fraudmarc’s Email Security Scores

Fraudmarc ranks the security of every domain’s email using an Email Security Score. You check the Email Security Score of any domain here. Why Evaluate Email Security? As phishing attacks  become more sophisticated and frequent, email security is more important…

The Growing Risk of Phishing Attacks On Your Cryptocurrency Wallet

According to CoinMall, there are 4 ways that you could lose your cryptocurrency to phishing: email phishing, ads phishing, chat phishing, and unconventional methods (SMS phishing and targeted social engineering attacks). All of these phishing methods involve an attempt to…
spf check example

What is SPF?

SPF stands for “Sender Policy Framework,” and it is simply a list of IP addresses that you have allowed to send email on behalf of your domain. It is published in the form of a DNS TXT file (see “what…

Multiple SPF records

commentNo Comments
Don’t fall for bad advice The second most common SPF error made by organizations is publishing multiple SPF records for a single domain. This may be in part due to bad advice offered by various email service providers about setting…
Menu