Best practices, Dobre praktyki, Transactional Emails

mBank sender verification – the battle against phishing

Katarzyna Garbaciak, 17 January 2023

verified-email-address

mBank was the first bank in our country to declare war on cybercriminals’ activities and implement sender authentication in the most popular mailboxes used by their customers.

These solutions help visually distinguish genuine from forged correspondence. Both Polish (including Interia, Onet, WP/O2) and global (including Gmail) mail providers enable advanced sender authentication solutions.

mbank-verified-email

Having these verified email address badges, which are visible in most popular email clients, means the message has been digitally signed using a certain security protocol, called S/MIME to be more precise.

Their proper implementation is rewarded by displaying distinctive graphics (a green shield), or the brand’s logo, next to the sender’s name in the mailbox and inside each authenticated email. This type of verification also has an impact on the brand’s reputation and message deliverability, preventing emails from ending up in spam.

Sender verification and cybersecurity

” The additional security implemented by mBank as part of the fight against phishing allows message recipients to verify whether the email actually comes from this particular bank. Added safeguard, which appears in the form of graphics, is certainly a great convenience for ordinary users, thanks to which they can more easily distinguish a malicious message from a legitimate one. One should keep in mind, however, that every security measure will sooner or later be broken/dominated by cybercriminals, which is why it’s so important to constantly improve our systems and make sure they have the ‘latest’ safety features.”

Michał Błaszczak, Pentester at EmailLabs

CyberLabs #1-  Phishing being one of the most popular cyber threats

The mBank Group chooses EmailLabs for handling transactional emails

The mBank Group is using Emailabs to handle transaction emails sent to users of Paynow payment gateway. The CTO of mElements (From the mBank Group) shared his comments on the changes brought by the implementation of Email API:

“We chose Emailabs, i.a. due to our customers’ data security,” Sebastian Sztajnert said at the time. 

Today mBank goes further by launching the latest available sender authentication solutions. Characters or graphic elements allow users to easily verify the validity of communications received in most popular mobile applications or browser versions (they will not be available for Thunderbird or Outlook users).

 How did we achieve the highest level of security for data storage servers? Read mElement and EmailLabs’ Case Study.

Ensure proper sender authentication

Mailbox providers require senders to have basic authentication like SPF and DKIM, without which messages will not reach users. However, besides the general solutions available to all, senders are offered access to premium features.

In the first step, sender checks ISPs’ structure in his contact list. If the vast majority of them use: WP, O2, Interia, Onet, Gmail, Yahoo, in each case these providers’ mailboxes can be configured for additional sender security.

Have you noticed that next to some email senders on your inbox you can see the badge of a verified email address?

WP, O2 have a Trusted Sender standard, Onet has a Verified Sender service, Interia gives you the option to run a Safe Sender and have the logo appear in your inbox.

safe-sender

You’ll see a green padlock icon and a notification in the message from the Safe Sender.

Gmail as well as Yahoo, and also Onet Mail recently, while by honoring the BIMI solution, with verified senders they display both on the mail listing and in the emails itself, notarized brand logos.

bimi-mbank

mBank communication secured by the BIMI standard.

Who is responsible for the sender’s technical authentication settings?

The mailbox providers are responsible for the sender’s technical authentication settings. By verifying their email communication activities, they have the right to reject enabling the service if these practices raise any concerns. Most additional solutions also come at an extra cost and require a series of steps. To facilitate these steps, you can use EmailLabs – all of them are available in a single agreement.

Authenticated senders like Verified Sender, Safe Sender, BIMI or S/MIME are proven solutions for the most recognizable brands, especially those operating in the banking, fintech, courier services, e-commerce, retail or advertising industries.

Katarzyna Garbaciak

Katarzyna Garbaciak

Managing Director EmailLabs

Graduate of the University of Economics in Poznan. Since 2010, she has been actively involved in new technologies and the IT industry. At Vercom S.A., the CPaaS market leader in this part of Europe, she manages the EmailLabs service. Privately, she is interested in behavioral economics and news from IT and cyber-security.

See more articles

Most popular