Email Security for unused email domains

Organizations usually own a large number of email domains for brand protection reasons, but use only a subset of those domains for their mailboxes. Typically, email security measures are applied only to the email domains in use. This means the unused email domains can be at risk of cyber attack.

Hopefully your main email domains, for example widgets.com, are already protected by SPF, DKIM, and DMARC (reject mode), and by an effective anti-spam and anti-phishing policy. However, if you also own the public DNS name widgets.org but do not use it, then it may be used for an impersonation attack, as it may lack the full SPF, DKIM and DMARC protection.

A bad actor may choose to impersonate John Smith, who has a primary email address of [email protected]. If widgets.org has no SPF protection, then it will take 2 minutes to send an email from [email protected] to any of your customers. If John Smith’s main user account were compromised as well, then a man-in-the-middle attack may succeed in causing financial and/or brand damage.

Check out this relevant article from office365migrate.com covering SPF, DKIM, and DMARC protection.

On many email security protections I commonly find unused email domains within the DNS Registrar that are not used for daily email purposes. These email domains often have no SPF record, which means anyone can send an email using that email domain. They can then send an email to one of your customers and launch an impersonation attack, which can develop into a serious cyber breach. The exact steps to do that are not published here. However, one of my customers lost $300,000 USD through such a breach.
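One way to find the gap described above across a domain portfolio, as an added example that is not part of the original post: it takes the TXT records already fetched for each unused domain and reports where SPF or DMARC is missing or weaker than a deny-all policy. It covers SPF and DMARC only; the function names, the two `.example` domains and all record values are constructed for illustration.

```python
# Added example: audit non-sending domains from TXT records already fetched,
# e.g. `dig +short TXT widgets.org` and `dig +short TXT _dmarc.widgets.org`
# (strip the surrounding quotes from dig's output first).

def spf_findings(apex_txt):
    """A domain that sends no mail should publish exactly 'v=spf1 -all'."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record"]
    if len(spf) > 1:
        return ["multiple SPF records (receivers return permerror)"]
    if spf[0].lower().split()[1:] != ["-all"]:
        return ["SPF is not a bare hard fail: " + spf[0]]
    return []

def dmarc_findings(dmarc_txt):
    """The _dmarc TXT record should carry p=reject, and sp=reject if sp is set."""
    recs = [r for r in dmarc_txt if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not recs:
        return ["no DMARC record"]
    if len(recs) > 1:
        return ["multiple DMARC records (receivers apply no policy)"]
    tags = {}
    for part in recs[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    findings = []
    if tags.get("p") != "reject":
        findings.append("DMARC p=%s, not reject" % tags.get("p", "<missing>"))
    if tags.get("sp", "reject") != "reject":
        findings.append("DMARC sp=%s is weaker than reject for subdomains" % tags["sp"])
    return findings

def audit(apex_txt, dmarc_txt):
    """Return every finding for one domain; an empty list means locked down."""
    return spf_findings(apex_txt) + dmarc_findings(dmarc_txt)

# Constructed sample data, not real lookups. widgets.org is the post's example
# name; the two .example names are hypothetical.
SAMPLES = {
    "widgets.org": ([], []),
    "parked-a.example": (["v=spf1 -all"], ["v=DMARC1; p=reject"]),
    "parked-b.example": (["site-verification=abc", "v=spf1 include:_spf.mail.example ~all"],
                         ["v=DMARC1; p=none; sp=none"]),
}

if __name__ == "__main__":
    for name, (apex, dmarc) in SAMPLES.items():
        print(name, audit(apex, dmarc) or "locked down")
```
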

Contact me today to arrange an expert review of your email security and what can be done to ensure you are maximizing your protection against cyber attack.

