When it comes to information security, many organizations have their sights set on preventing and remediating phishing attempts and malware hacks. While these are valiant and important efforts, this laser focus often leaves domain reputation overlooked. Companies should not overlook this issue: domain reputation has become vital to protecting and preserving consumer trust.
Domain reputation became increasingly important amid the pandemic as bad actors took advantage of the chaos of current events. As COVID-19 reached the consciousness of billions globally, there was simultaneously a massive increase in the use of terms like “coronavirus” and “COVID-19” in legitimate marketing campaigns as well as malware and ransomware campaigns. According to our research, from April of 2020, over 1 in 15 commercial emails sent globally pertained to COVID-19.
At the same time, complaint rates for COVID-19-related marketing emails steadily increased, showcasing a rise in bad actors exploiting truly vulnerable populations. Understandably, many consumers were more likely to let their guard down when it came to receiving COVID-19-related information in their inbox, making them even more likely to fall prey to illegitimate attempts.
Addressing the problem
Protecting domain reputation greatly influences an organization's email deliverability. Mailbox providers rely on domain reputation to determine trust. The better a domain's reputation, the more likely receiving email servers will trust its emails. And of course, the worse the domain's reputation, the less likely an email service provider will trust the emails. Email has become the biggest threat vector for an organization’s domain reputation because of the ease with which bad actors can take advantage of unassuming customers.
The InfoSec Institute has found that customers are 42% less likely to engage with an organization after a phishing attack. Unfortunately, bad actors are constantly looking for ways to take advantage of consumers. Prevalent methods include spoofing, misusing, or even creating a close cousin of an established domain to conduct a phishing campaign. This way, when a customer sees the phishing attempt, they trust the sender and are more likely to inadvertently give the bad actor access to their systems.
But it’s not all doom and gloom. Organizations can use a myriad of protocols to protect their domain reputation:
- Measure the company’s domain reputation by reviewing delivery data from the email service provider, feedback loops, and reputation data providers. It’s important to aggregate that data by domain as well as by IP address, as domain reputation functions as a more granular measurement.
- Implement email authentication protocols so mailbox providers can easily identify and respond to illegitimate messages. This includes Sender Policy Framework (SPF), which lists the servers authorized to send mail for the domain, and DomainKeys Identified Mail (DKIM), which validates the content through digital signatures. Then, organizations can implement Domain-based Message Authentication, Reporting and Conformance (DMARC) to direct mailbox providers to block or filter unauthorized messages that spoof the organization's domain in the sender address of emails.
- Register close cousin domains. Unfortunately, bad actors are eager to take advantage of common typos and misspellings to trick unsuspecting consumers into their phishing attempts. To thwart this, businesses should defensively register the scope of domains that bad actors could potentially abuse.
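To make the authentication step above concrete, here is an added Python example (not from the article or from Validity) that audits a domain's published SPF and DMARC TXT records for settings that leave it open to spoofing. The records, the example.com and mailer.example names, and the finding labels are assumptions constructed for the illustration.

```python
# Added example: audit SPF and DMARC TXT records for spoofing exposure.
# Every record below is a constructed sample, not real DNS data.

def parse_tags(record):
    """Split a DMARC 'tag=value; tag=value' record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    records = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(records) != 1:
        return ["no-single-dmarc-record"]  # none or several: no policy applied
    tags = parse_tags(records[0])
    findings = []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("policy-not-enforced")  # p=none only monitors
    if tags.get("pct", "100") != "100":
        findings.append("partial-enforcement")  # policy covers a sample only
    if "rua" not in tags:
        findings.append("no-aggregate-reports")  # no visibility into spoofing
    return findings

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain itself."""
    records = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return ["no-single-spf-record"]  # none: no SPF; several: permerror
    terms = records[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        has_redirect = any(t.startswith("redirect=") for t in terms)
        return [] if has_redirect else ["no-all-mechanism"]
    if all_terms[0] in ("all", "+all"):  # first match wins in SPF
        return ["spf-allows-any-sender"]
    return ["spf-neutral"] if all_terms[0] == "?all" else []

WEAK = {"spf": ["v=spf1 include:_spf.mailer.example +all"],
        "dmarc": ["v=DMARC1; p=none"]}
HARDENED = {"spf": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all"],
            "dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}

if __name__ == "__main__":
    for name, recs in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_spf(recs["spf"]), audit_dmarc(recs["dmarc"]))
```

In practice the record lists would come from TXT lookups on the domain and on its `_dmarc` subdomain, run for every domain the organization sends from or has registered defensively.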
It’s always possible for bad actors to find flaws in a security system and take advantage of them – it’s their sole focus, while most organizations have so many other daily priorities. Having a customer fall prey to a bad actor’s phishing attempt isn’t just bad for that consumer’s relationship with the organization: it’s a massive brand image crisis.
Fortunately, savvy organizations have a wealth of security resources at their disposal to prevent those attempts. With careful attention to domain reputation and appropriate mitigation efforts, organizations can continue to protect the important trust they have established with customers.
Tom Bartel, senior vice president, data services, Validity