What your organization can do to avoid getting phished

As you are probably well aware, phishing attacks are on the rise all around the world. Organizations must take extra steps to make sure that they protect themselves as well as their customers against this threat.

As Attila mentioned in his post earlier this week, LogMeIn employs SPF, DKIM and DMARC on every email it sends from a @logmein.com address.

The combination of these three technologies allows the recipient server to validate that:

  1. The email was sent from a server authorized by LogMeIn
  2. The contents of the email have not been manipulated

The key point is that the check is done on your organization’s email servers. They have to support DMARC, SPF and DKIM in order to filter out phishing emails.

Most major email providers, including Gmail, Yahoo Mail, and Outlook.com, check for these records and will put phishing emails appearing to come from a @logmein.com address into the Spam folder. Be wary of slight variations of the domain part. If you see an email from logme.in.com or logmeein.com or some other variation of our domain, you can safely delete it.

If your organization maintains its own email servers and you receive these phishing emails, please ask your email administrator to set up SPF, DKIM and DMARC. You are going to save yourself a lot of headaches.
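The following is an added example, not LogMeIn's code: it shows how a receiving side can act on the SPF, DKIM and DMARC verdicts its own server records in the `Authentication-Results` header, and why the lookalike domains mentioned above need a separate check. The server id `mx.example.net`, the similarity threshold and the sample messages are assumptions constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = "logmein.com"         # sender domain named in the post
AUTHSERV_ID = "mx.example.net"  # assumption: your own receiving server's id
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from headers our server added."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != AUTHSERV_ID:
            continue  # stamped by another host (possibly the sender): ignore
        for method, result in RESULT_RE.findall(rest):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def classify(raw):
    """Return 'accept', 'spoofed', 'lookalike' or 'unrelated' for one message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts = auth_results(msg)
    if domain == TRUSTED:
        # Exact domain: trust it only if our server recorded a DMARC pass.
        return "accept" if verdicts.get("dmarc") == "pass" else "spoofed"
    # A lookalike domain can publish its own records and pass DMARC,
    # so similarity to the trusted name is checked separately.
    if difflib.SequenceMatcher(None, domain, TRUSTED).ratio() > 0.8:
        return "lookalike"
    return "unrelated"

def sample(from_addr, results):
    """Build a constructed test message (not real mail)."""
    return (f"Authentication-Results: {results}\n"
            f"From: LogMeIn <{from_addr}>\nSubject: Your account\n\nbody\n")

if __name__ == "__main__":
    ok = "mx.example.net; spf=pass; dkim=pass; dmarc=pass header.from=logmein.com"
    print(classify(sample("billing@logmein.com", ok)))
    print(classify(sample("billing@logmeein.com", "mx.example.net; dmarc=pass")))
```

The second message passes DMARC for its own domain and is still flagged, which is why authentication results and lookalike detection are evaluated independently.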

And as always, follow the best practices for email.

Does your organization use DMARC? If it does not, what is the reason?  Please leave a comment and share your thoughts.

    
Written by Sandor Palfy

Sandor is the Chief Technology Officer at LogMeIn