assured

Protecting Your Company’s Domain Reputation

by Tony Richardson CISSP

Have you ever had to search for an email another organisation claimed to have sent you, only to find it languishing in your spam folder? That can be annoying — but imagine if it were the other way round. What if it were your emails being marked as spam? In general, the efforts organisations put…

Have you ever had to search for an email another organisation claimed to have sent you, only to find it languishing in your spam folder? That can be annoying — but imagine if it were the other way round. What if it were your emails being marked as spam?

In general, the efforts organisations put into information security tend to be focused on preventing phishing attacks and hacks by malware. While these measures are obviously vital, it’s equally important to proactively protect your domain reputation.

Fortunately, there are measures you can put into action now.

Hackers and Bad Actors

Unfortunately, it isn’t only cyber criminals who create an atmosphere of distrust about emails. Many organisations use dubious marketing methods, as well. For example, during the Covid-19 pandemic, it’s been estimated that one in fifteen commercial emails globally used terms such as Covid-19 or coronavirus.

One result of this was to make recipients less alert when dangerous emails arrived using the same tactics, so it was more likely these would be opened. This is just one tactic cyber criminals use, though. The most common is attempting to disguise their email as being from a reputable domain. This can include using a fake email with the real one hidden underneath, or else using a domain name that could easily mistaken for another — e.g. using .com where the genuine domain has .co.uk.

Domain Reputation and Emails

So why is protecting your company’s domain reputation so vital? It’s all down to the deliverability of the emails you send. Email servers will assess incoming emails in various ways, but the reputation of the domain is central to whether the server allows the email through or whether it gets sent to the spam folder.

Even if the email makes it through to the recipient’s inbox, it still has to be trusted by the recipient, and this is a lot less likely if they’ve recently suffered a phishing attack. Research suggests that recipients are 42% less likely to engage after an attack, especially if the criminals have used a fake version of the organisation’s domain to make their assault.

So how can you minimise the risk of this happening?

Three Strategies to Protect Your Company’s Domain Reputation

Fortunately, there are relatively simple steps you can take to protect your domain’s reputation:

  • Regularly review delivery data from your email service provider, as well as from your reputation data provider and feedback loops. This should be by domain name as well as IP address, in order to measure your domain’s reputation.
  • If you have email authentication protocols in place, this helps warn mailbox providers about emails that don’t come from you. Protocols you can use include Sender Policy Framework, DomainKeys Identified Mail and Domain-Based Message Authentication, Reporting and Conformance.
  • Register any close “cousins” of your domain. These should certainly include all common alternative extensions, but you can also think about obvious typos and similar words. For instance, if you’ve registered acmeproducts.com, it would be a good idea also to register acmeproduce.com

What’s the next step?

The tools you need to protect your domain reputation are all out there, but tracking them down isn’t always easy. On the other hand, if you use the right cyber security provider, you can be sure of getting everything you need in one package.

Get in touch with us to find out about how SecuraProTM can set you up with all the tools you need to protect your domain reputation, as well as ensuring you know how to use them effectively.