Email has always been a tool of choice cybercriminals. By capitalizing on an established company’s brand reputation, they can send emails with malicious intent (links, attachments, phishing, etc.) and trick people into trusting these emails. Adobe’s own brand reputation has been leveraged in the past for such schemes.
In order to protect our customers from potential confusion or victimization, we embarked on a project to help ensure that emails you receive from Adobe are from verified and authenticated to limit the likelihood of brand impersonation that could harm our customers.
So, how exactly do we ensure that our emails appear to our customers as from an authenticated sender? We first moved to implement email authentication technologies such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, & Conformance) policies into our email ecosystem. To begin, we needed to identify our Adobe-owned domains. Through this process, we identified that Adobe owned a very large number of domains. After collecting traffic against these domains, we carefully analyzed this data. Next, we made necessary adjustments to SPF and/or DKIM records for each identified domain to improve our email authentication pass rate, help protect Adobe owned domains, and better ensure that emails received by customers on behalf of Adobe are genuine.
Through this journey, we identified and overcame a few hurdles:
Integrating our third party service providers into this program;
Managing domain owners as part of a dynamic environment;
Implementation of a complex process to ensure emails were sent compliant with SPF/DKIM to achieve an acceptable DMARC pass rate (usually greater than 97-99%), in order to move to quarantine and finally to a reject policy.
Developing new domain onboarding policies with multiple stakeholders.
We continue to invest in sending “takedown” notices whenever possible for domains that we find are being used to send malicious emails or host phishing websites that impersonate our brands. There has also been a recent upswing in targeted spear phishing attacks as cybercriminals evolve and try different tactics. We continue to work to protect Adobe and our customers against these next generation of threats to Adobe’s email authenticity and its deliverability. If you do receive an email that you suspect is phishing, please forward it to us at firstname.lastname@example.org for investigation. These external reports help us to continuously improve our approach.