Online Brand Protection Starts with Your Domain

How to protect your brand’s domain

Brand Protection is crucial for any business, which means your brand must be protected everywhere, including online. And Brand Protection is about more than just protecting your brand; it is also about protecting your customers.

In the US alone, 13.2 percent of total sales in 2021 were from e-commerce. That’s a lot. So protecting the domains that house your websites, market your products, send email communications, and nurture relationships with your customers is a must.

Why? Because malicious actors love to use your brand for its reputation and recognition to:

  • Sneak past email filters in order to deceive email recipients into providing personal information
  • Create rogue websites that look eerily like yours to try to steal login credentials (or if you’re “lucky,” the rogue websites just want to sell counterfeit versions of your products)
  • Phish an employee to gain access to internal systems and the data within
  • And more.

If a website or message is unknown or is clearly misleading, the attack will have far less success. However, stand it on top of a well-known brand, and the outcome changes dramatically.

By using your brand’s good name and associated trust, attackers can elicit actions that reveal passwords, login credentials, and other information that otherwise would not have been shared. And, although your brand was not the perpetrator, it may still lose some level of trust and credibility with your customers, future customers, filtering algorithms, and so on.

But all is not lost.

M3AAWG (Messaging, Malware, Mobile Anti-Abuse Working Group) has published best practices for domain management to protect your brand’s domains. The Brands Committee Chairs also summarized these best practices across a few blog posts—the first of which starts with “Don’t Let Your Company Become a Headline: Protecting Your Brand from Cyber Attacks.” The blog highlights some outstanding numbers in regard to how damaging brand compromises are, such as:

  • $400 million: The amount the top 12 phishing breaches alone cost
  • 75%: Percentage of organizations that experienced a phishing attack in 2020
  • 46%: Percentage of organizations that experienced reputational damage from a data breach

These best practices are designed to help you prevent and mitigate brand abuse issues. Six of the key steps they cover are highlighted below:

  1. Take inventory and document your domains and their configuration

    This is a great one and something that clients often come across by accident. For example, getting asked during a security audit, “Are you using this? And if so, what is it for and how are the DNS records being used?”

    Or a domain’s DNS records are removed because the DNS admin had no record of why the domains were in use to begin with. And once those records are removed, mail streams stop authenticating, websites stop working, images stop loading, and so on.

    Working with all teams across website, email, hosting, etc., begin building out your domain list: what each domain is for, what DNS records are still in use, what servers host records, and who manages them. Keep it up-to-date and build a process around this information collection activity. Audit the list throughout the year.

  2. Ensure domain access and contact information is secure and lock the domain’s settings to force authorization requests in order to implement a change

    Login credentials should be secured and only accessible to approved employees. Registrars should also have the most up-to-date information on contacts and admins so they know who to contact first in case of an issue.

    A simple step like locking your domain can also prevent DNS changes from occurring without an additional approval step from the admin and/or company. Locking your domain will prevent changes like deletion, transfer, updates, etc. from happening without authorization.

    In addition, internal teams need to be kept up-to-date on the transition of access privileges when there is turnover. And transitions should not be a cause for missing abuse. So make sure any notifications that are sent out are tied to a team alias.

    All contact information, notification aliases, etc. should be documented and audited as well when you audit your domain inventory.

  3. Select the right registrar for your line of business

    Security around your domain is crucial and some registrars provide extra support with monitoring your domain, sending alerts, and informing you when domains are created that are similar to yours (which could be used to spoof your brand).

    When selecting your registrar, make sure they have the security protection elements you need to ensure your domains are protected.

  4. Utilize defensive registration

    Parking domains, or securing domains and then setting them aside, is one way to keep domains that look like yours off the market and out of the hands of abusive actors.

    Although you can’t hit every iteration that looks like your brand’s domain, locking down those most susceptible to abuse can go a long way.

  5. Mitigation with registrars

    Registrars control who is getting access to domains, which means they can also revoke access when it’s abused. Using mitigation paths directly through the registrar is one way to stem the abuse when it occurs.

  6. Email Authentication

    Email authentication is something all senders should be doing today. All mail should be covered by SPF, DKIM, and DMARC.
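
The inventory audit from step 1, combined with the lock check from step 2 and the SPF, DKIM, and DMARC coverage from step 6, can be run as one pass over the documented domain list. The following is an added example, not code from M3AAWG or the original post; the inventory layout, domain names, and record values are constructed, and it assumes the registrar reports a lock through the EPP `client*Prohibited` status codes.

```python
# Added example: offline audit of a domain inventory. All data below is constructed.
LOCKS = {"clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited"}

# Constructed inventory; in practice the TXT values are exported from DNS and
# the status codes from the registrar (assumed field names).
INVENTORY = [
    {"domain": "brand.example", "purpose": "marketing mail", "contact": "dns-team@brand.example",
     "epp_status": sorted(LOCKS), "dkim_selectors": ["s1"],
     "txt": {"brand.example": ["v=spf1 include:_spf.esp.example -all"],
             "_dmarc.brand.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@brand.example"],
             "s1._domainkey.brand.example": ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"]}},
    {"domain": "brand-shop.example", "purpose": "", "contact": "",
     "epp_status": ["ok"], "dkim_selectors": ["s1"],
     "txt": {"brand-shop.example": ["v=spf1 -all", "v=spf1 include:_spf.esp.example ~all"],
             "_dmarc.brand-shop.example": ["v=DMARC1; p=none"]}},
]

def dmarc_policy(record):
    """Return the p= tag of a DMARC record, or None if it is absent."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p")

def audit(entry):
    """Return a list of findings for one inventory entry."""
    d, txt, out = entry["domain"], entry["txt"], []
    if not entry["purpose"] or not entry["contact"]:
        out.append("undocumented purpose or contact")
    missing = LOCKS - set(entry["epp_status"])
    if missing:
        out.append("not locked: missing " + ", ".join(sorted(missing)))
    spf = [r for r in txt.get(d, []) if r.lower().split(" ")[0] == "v=spf1"]
    if len(spf) != 1:  # zero records means no SPF; more than one is an SPF error
        out.append(f"SPF: expected 1 record, found {len(spf)}")
    dmarc = [r for r in txt.get("_dmarc." + d, []) if r.startswith("v=DMARC1")]
    if not dmarc:
        out.append("DMARC: no record")
    elif dmarc_policy(dmarc[0]) == "none":
        out.append("DMARC: p=none (monitoring only)")
    for sel in entry["dkim_selectors"]:
        if not any("p=" in r for r in txt.get(f"{sel}._domainkey.{d}", [])):
            out.append(f"DKIM: selector {sel} has no key record")
    return out

def audit_inventory(inventory):
    return {e["domain"]: audit(e) for e in inventory}

if __name__ == "__main__":
    for domain, findings in audit_inventory(INVENTORY).items():
        print(domain, "OK" if not findings else findings)
```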

This is only a taste of how you can protect your brand. There is so much more detail and advice available in the articles and published documents on M3AAWG’s site.

Keep an eye out for more information from the Brand Protection Kit as they publish more guidance on how to protect other areas of your business that can benefit from security and abuse best practices.

