Skip to main content
Build the future with Agentforce at TDX in San Francisco or on Salesforce+ on March 5–6. Register now.

Protect Your Brand and Reputation

Learning Objectives

After completing this unit, you’ll be able to:

  • Determine what email security you currently have in place.
  • Explain the most common email security threats.
  • Recognize the signs of phishing and spoofing scams.
  • Adopt and implement DMARC for your email.

Email Is Your Lifeline

Email or electronic mail was created as a method of sending and receiving messages. Email is probably the most important and widely used communications system in today’s business world. It connects you with clients, customers, employees, prospects, and vendors. It touches nearly every part of a business. When you send communication via email, your recipients believe it’s you and trust the contents. Your email is directly connected to your reputation, and your reputation is one of the reasons for your success. It’s an integral part of your brand. 

Here’s the conundrum. The underlying email protocol Simple Mail Transfer Protocol (SMTP) was designed more than 30 years ago, when most of us hadn’t heard of email let alone adopted it. SMTP was never equipped to handle the security threats today’s email systems face on a daily basis. New, up-to-date email security protects your clients, employees, and business— everything that makes up your brand and reputation.

Now imagine your email system is hacked or compromised. Cyber criminals can now impersonate you, spread viruses, and gain access to confidential information, inflicting damage to the very people who trust you. Many businesses would come grinding to a halt. The damage could be disastrous. Protecting your brand and reputation must be a key objective for every organization, no matter its size. To take email security into account at your organization, you should implement DMARC. Let’s take a closer look.

DMARC Is Your Friend

Domain name spoofing is when someone uses an SMTP server and email software to “send” emails from your email address. To protect your email security and your reputation from email and domain spoofing, you can use Domain-based Message Authentication, Reporting & Conformance (DMARC). DMARC allows a sender to indicate that their messages are protected, and tells the receiver what to do if one of the authentication methods used by DMARC passes or fails. 

A factory line of email messages going through a DMARC process and then coming out with check marks showing they have been validated to a happy recipient.

Some of the more tangible benefits of DMARC include:

  • Stops phishing emails before they reach users
  • Decreases the risk of phishing emails ever entering the system
  • Real-time alerts of phishing attempts

Note that DMARC will not resolve all types of spoofing/phishing attacks. It will only prevent those that use your organization’s domain name. You still need to use and implement other email security mechanisms.

It also takes two to tango. Both the sending organization and receiving organization must participate in the DMARC process to be more effective. If the customer and supplier use DMARC, both are protected from email domain spoofing. If only one does, then neither are. The sending organization is responsible for creating and implementing the DMARC policy. The receiving organization is responsible for enabling DMARC verification. Spread the word and encourage others to adopt! Every domain owned by your organization should be secured with its own DMARC policy.

The good news is that DMARC can be implemented easily. In fact, we’re happy to share the simple implementation guidelines directly from the Global Cyber Alliance (GCA). These guidelines will help you check your own email domain/enable DMARC, Use the GCA DMARC Setup Guide, and Access the DMARC Bootcamp Online Library.  

The Global Cyber Alliance’s Protect Your Email and Reputation Toolbox provides free tools for analyzing your DMARC reports. In addition, there are resources included to help you monitor the Internet for anyone trying to impersonate your website or your domain. You can use the tools listed under the Trademark Protection section of the Global Cyber Alliance’s Protect Your Email and Reputation toolbox to assist in protecting your trademark.

Now that we know what DMARC is, let’s talk about what it protects you from. Most email attacks come in through phishing and spoofing. In fact, more than 90% of cyberattacks start with a phishing email.

Phishing

A fishing line with a hook that is attached to an envelope to symbolize a phishing email trying to lure its recipients.

Phishing emails try to trick people into giving up sensitive information or access to money by appearing to be “legitimate” requests from trusted sources. Phishing emails can be sophisticated and extremely difficult to detect. The nuances that give away these illegitimate emails are subtle. You may not notice that the sender’s email is suspicious. Maybe the company’s name is misspelled by one letter. Perhaps the color scheme is off. Even the most informed can fall for phishing scams.

Spoofing

A man is holding a mask with a different face to signify the concept of spoofing, or pretending to be someone else.

One of the common and easy methods cybercriminals use in phishing attempts is called “email spoofing”. A spoofing attack occurs when a person or program successfully impersonates another by falsifying data, gaining an illegitimate advantage. The spoofer tries to convince the recipient to share valuable information or perform tasks on their behalf. These are as equally sophisticated as many phishing scams, and the spoofer often builds a virtual relationship with the victim. Once inside a user’s computer network, the spoofer often releases malware, compromising several systems and inflicting significant damage. 

More Than Just Phishing and Spoofing

Yes, these are common email threats, but they aren’t the only ones. Other common email scams include:

  • Business Email Compromise (BEC): This is a type of scam targeting companies who conduct wire transfers and have suppliers abroad. In this scam, someone pretends to be your CEO, a supplier, or a lawyer. It usually involves a request to the finance department for a money transfer. These can look legitimate and can even address people by first names. Even worse, sometimes fraudsters have gained access to the CEO, supplier, or lawyer's email account. Just because it appears to come from a trusted party, don’t assume it’s legitimate. Confirm any requests.
  • Spam: We all get spam and try to ignore it. And it's not all malicious, much of it is just annoying. However, there are two types of spam emails. The first are from the spammers themselves trying to sell you a product or service. They fall into the annoying but relatively harmless category. The other type are ones sent in bulk by computers infected with a virus. These are the ones to worry about.

You may be thinking, “I would be able to spot these.” In some cases, you may be right but these phishing emails can look very real and convincing. Recent history has shown that people continue to fall for these scams—it’s what keeps these hackers going. The best practice is to implement strong email security to protect your employees, customers, and business.

Sum It Up

Your email represents you. It’s a key part of your brand and reputation. There are people out there making every effort to penetrate your email systems and gain access to all sorts of information. DMARC is the best way to protect your business, and there are a lot of resources to help you implement it. 

Resources

Share your Trailhead feedback over on Salesforce Help.

We'd love to hear about your experience with Trailhead - you can now access the new feedback form anytime from the Salesforce Help site.

Learn More Continue to Share Feedback