How Adobe Helps Protect You from Email Phishing

by Chris Parkerson

Posted on 02-08-2018

Email has always been a tool of choice cybercriminals. By capitalizing on an established company’s brand reputation, they can send emails with malicious intent (links, attachments, phishing, etc.) and trick people into trusting these emails. Adobe’s own brand reputation has been leveraged in the past for such schemes.

In order to protect our customers from potential confusion or victimization, we embarked on a project to help ensure that emails you receive from Adobe are from verified and authenticated to limit the likelihood of brand impersonation that could harm our customers.

So, how exactly do we ensure that our emails appear to our customers as from an authenticated sender? We first moved to implement email authentication technologies such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, & Conformance) policies into our email ecosystem. To begin, we needed to identify our Adobe-owned domains. Through this process, we identified that Adobe owned a very large number of domains. After collecting traffic against these domains, we carefully analyzed this data. Next, we made necessary adjustments to SPF and/or DKIM records for each identified domain to improve our email authentication pass rate, help protect Adobe owned domains, and better ensure that emails received by customers on behalf of Adobe are genuine.

Through this journey, we identified and overcame a few hurdles:

We continue to invest in sending “takedown” notices whenever possible for domains that we find are being used to send malicious emails or host phishing websites that impersonate our brands. There has also been a recent upswing in targeted spear phishing attacks as cybercriminals evolve and try different tactics. We continue to work to protect Adobe and our customers against these next generation of threats to Adobe’s email authenticity and its deliverability. If you do receive an email that you suspect is phishing, please forward it to us at phishing@adobe.com for investigation. These external reports help us to continuously improve our approach.

Vivek Malik
Security Analyst

Marcail Kennedy
Manager, Messaging Services

Topics: Security, Community, DYK?, Major Initiatives, Ongoing Research

Products: