The Federal Fiscal Court and email security
Since 7 June 2019, a warning about fake emails has been posted on the website of the Federal Fiscal Court in Germany. According to the warning, previously unknown perpetrators are sending emails with malicious attachments and using the email domain of the Federal Fiscal Court in the sender address. It goes without saying that the emails also look deceptively genuine. Although the Federal Fiscal Court's warning is being shared on social media, its actual reach is likely to be limited. The majority of the victims are informed, if at all, much too late. And this despite the fact that DMARC is a freely available, standardized technology that could prevent exactly this.
Prevent fake mails – with free DMARC
Warning potential victims in time with a blog post is certainly a good idea, but for the reasons just mentioned it is only a small building block in communication. Informing all of the receiving email firewalls directly is far more useful and effective. This requires no blog post, but a simple, highly standardized and free technology called DMARC (IETF RFC 7489, Domain-based Message Authentication, Reporting, and Conformance, 2015).
DMARC is worth it
With a DMARC record, domain owners tell the receiving email servers of this world how to handle emails that claim to come from the protected domain. Even more important, however, is that everyone can see which servers are allowed to send email in the name of the specified domain. Introducing a DMARC record certainly involves some effort at the beginning, but this effort is quickly outweighed by the transparency gained. This, along with other positive side effects, can be read in the DMARC introduction report of the English Ministry of Finance (HMRC). In England, federal authorities are even required to implement DMARC. NoSpamProxy played a pioneering role in introducing a DMARC check on the email firewall side and implemented the corresponding functions as early as 2016. It is incomprehensible that many email firewalls in use still do not offer this check.
Online services have long been using DMARC
Most online services have also long recognised the need for a DMARC record, especially where the service offered involves money. Paypal is a good example: all Paypal domains in circulation are DMARC-protected. Users of an email firewall that consistently evaluates this information need not worry about fake Paypal emails. They will never see them and do not have to keep checking the Paypal website for new warnings about new fake emails.
Recipients of emails from the Federal Fiscal Court are unfortunately denied this way of checking the sender, because the authority has not secured its email domains with DMARC. The victims of the fake emails can thus only hope that the email security solution in use does its job well and recognizes the attachment as a virus. NoSpamProxy users are nevertheless not left out in the rain: they have the additional proactive protection of CDR technology (Content Disarm and Reconstruction), which converts potentially malicious documents into safe PDF files.
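The mechanism described above (a domain owner publishes a DMARC record, and a receiving mail server uses it to decide what happens to a message whose From: domain is not authenticated) can be made concrete with a small evaluator. The following Python is an added example written for this page; it is not NoSpamProxy code and not from the original article. It contrasts a monitoring-only record (p=none, which still lets spoofed mail through) with a protecting record (p=reject), and follows the alignment and policy rules of RFC 7489 in simplified form. The domain names, record contents and the in-memory "DNS" lookup are constructed for illustration; a real receiver would query the TXT record at _dmarc.<domain> and consult the Public Suffix List for the organizational domain.

```python
"""Added example (not NoSpamProxy's code): a minimal DMARC record parser and
policy evaluator modelled on RFC 7489 sections 6.3 (record tags), 3.1
(identifier alignment) and 6.6.2 (policy application). All domains and
records are constructed sample data."""

# Constructed sample TXT records, as published at _dmarc.<domain>.
SAMPLE_RECORDS = {
    # Monitoring only: receivers send reports but still deliver spoofed mail.
    "monitor-only.example": (
        "v=DMARC1; p=none; rua=mailto:dmarc-reports@monitor-only.example"
    ),
    # Protecting record: unauthenticated mail is rejected, DKIM must align
    # strictly, SPF may align on the organizational domain.
    "protected.example": (
        "v=DMARC1; p=reject; adkim=s; aspf=r; pct=100; "
        "rua=mailto:dmarc-reports@protected.example"
    ),
}


def lookup_dmarc(domain):
    """Simulated DNS lookup of _dmarc.<domain>; returns the TXT string or None."""
    return SAMPLE_RECORDS.get(domain.lower())


def parse_dmarc_record(txt):
    """Parse 'tag=value; tag=value' into a dict and apply RFC 7489 defaults.
    Returns None if the text is not a valid DMARC record."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # 'v' must be first and equal DMARC1; 'p' is mandatory.
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    if tags["p"] not in ("none", "quarantine", "reject"):
        return None
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")    # relaxed SPF alignment by default
    tags.setdefault("pct", "100")
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    return tags


def organizational_domain(domain):
    """Approximation of the organizational domain: the last two labels.
    (A production implementation uses the Public Suffix List.)"""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any domain sharing the organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def evaluate_dmarc(record, from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass):
    """Combine SPF/DKIM results with alignment and return (result, disposition).
    spf_domain: the MAIL FROM domain SPF was checked against.
    dkim_domain: the d= of a verified DKIM signature, or None."""
    spf_aligned = spf_pass and aligned(from_domain, spf_domain, record["aspf"])
    dkim_aligned = dkim_pass and aligned(from_domain, dkim_domain, record["adkim"])
    if spf_aligned or dkim_aligned:
        return "pass", "none"
    # Failure: the published policy decides (pct sampling omitted here).
    return "fail", record["p"]


def disposition_for(from_domain, spf_domain, spf_pass, dkim_domain=None, dkim_pass=False):
    """What a receiving firewall would do with a message from `from_domain`.
    Returns (result, disposition); an unprotected domain yields no policy."""
    txt = lookup_dmarc(from_domain)
    record = parse_dmarc_record(txt) if txt else None
    if record is None:
        return "none", "none"
    return evaluate_dmarc(record, from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass)


if __name__ == "__main__":
    # Scenario from the article: a foreign server sends mail "from" the domain.
    for victim in ("monitor-only.example", "protected.example", "unprotected.example"):
        print(victim, disposition_for(victim, "attacker.example", True))
```

Running the block shows the three outcomes a receiving firewall can reach for the same spoofed message: an unprotected domain gives it no policy to apply, a p=none record records a failure but still delivers, and only p=reject lets the firewall discard the message before any user sees it.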
The NoSpamProxy team supports companies and public authorities in setting up DMARC with its free guide, which is available at https://www.nospamproxy.de/de/ratgeber-dmarc-dkim-spf-dane/ (German only).
You can also read the article on the Security Insider website and on eGovernment Computing (both German only).