Email fraud has quickly become a big threat against companies' businesses. Here is how we protect Oatly.

THE MISSION

THE MISSION

As a publicly known brand with presence in over 20 countries, Oatly has a major responsibility to ensure and maintain a high level of security to protect both themselves and their partners. For over 10 years, Oatly has relied on Ports Group to be their strategic partner for domain names and DNS. By 2017, the number of reported email fraud increased by over 1000% and Oatly needed to secure its business against this threat.

PORTS GROUP’S CONTRIBUTION

PORTS GROUP’S CONTRIBUTION

In addition to ongoing management and the secure management of domain names and DNS, in 2018 Ports Group undertook the mission to secure email management and minimize the risk that Oatly's digital identity is used for email fraud. As a result, Ports Group's Email Compromise Protection service was implemented.

THE RESULT

THE RESULT

By securing the entire chain from a complete and secure management of domain names and DNS, the implementation of security mechanisms to counter email fraud to monitor third party registrations of domain names, Oatly and Ports Group have taken all reasonable steps to secure Oatly's digital presence.

"After a period of having seen the extreme rise in the occurrence of false emails, we turned to Ports Group, our partner for protecting our online brand identity since many years. Ports presented their service Email Compromise Protection for us, which seemed promising. After a bit of tweaking and thorough analysis work with Ports, the problem is now basically eliminated and we feel safer in regards to the users’ email management."

Jacob Malmros

IT Manager at Oatly

Strategic domain name partner with legal responsibility

Since the beginning of the 1990s, Oatly’s strong growth and international expansion has required a partner with proactivity and skills in strategic issues regarding trademarks and domain names. For over 10 years, Oatly has therefore hired Ports Group for the secure management of domain names and DNS.

Oatly’s domain name portfolio is managed in Ports Group’s Corporate Trademark Management service with dedicated contact, complete overview of domain names, trademarks and hosting services with our customer portal Ports Management, and – most importantly – a complete outsourcing of both administration and legal responsibility for the portfolio.

Ports Group also monitors ongoing registrations of new domain names that could potentially be a threat to Oatly’s brand. We also assist Oatly’s legal representative to take control of domain names registered in bad faith.

 

Protection against email fraud with Email Compromise Protection

Email fraud is all types of fraud where someone fakes an email address to claim to be someone else in order to get their hands on money, sensitive information and/or spread malicious code. Previously, email fraud has usually been about registering a confusingly similar domain name in order to fool a company’s customers and/or employees.

Oatly has long been at the forefront of creating a secure IT presence. Therefore, it is no wonder that they realized early on the importance of securing their email management, thus minimizing the risk of someone being able to use their identity to commit fraud.

In order to ensure that Oatly has as an email management that is as secure as possible, Ports Group’s Email Compromise Protection service was implemented. The process began with a preliminary study during which we monitored and analyzed Oatly’s email flow from all domain names for a period of time. The purpose was to check the current situation and identify legitimate and non-legitimate senders. When the preliminary study was completed, the results was presented to Oatly, where we also presented recommended implementing a policy for authenticating sending mail servers. Unlike the usual use of the word “policy”, which usually involves a management document on an intranet, a “policy” in this context means a technical security mechanism at the DNS level that determines what happens when a “non-legitimate” mail reaches its recipient.

After presenting the preliminary study and its results, we agreed on the implementation of a number of authentication and monitoring mechanisms. This was carried out in two steps:

  • Step 1
    On the primary domain, which is the only sending domain, we started identifying which servers should be able to send email from the domain. Then, a quarantine policy was put in place for all non-legitimate servers. Any mail that did not follow the policy ended up in the recipient’s trash.
  • Step 2
    When it is ensured that all servers that should be approved were actually approved, a “reject policy” was implemented. This means that email that now does not follow the policy does not reach the recipient at all.

The result of this is a secure email management with a hundred percent “reject” of any attempt to send non-legitimate email via which appears to come from oatly.com.

 

Protection against confusing domain names is used for fraudulent purposes

Implementing Email Compromise Protection service counteracts attempts to send email with the exact primary domain as a sender. However, it does not prevent anyone from registering a confusingly similar domain name and with bad intent using it against for example employees and/or people in other companies.

Therefore, in addition to Email Compromise Protection, domain name monitoring is used in order to identify threats in the form of third party registrations and being able to take legal actions like cease-and-desist letters and potential domain name disputes.

The result is that Oatly has taken responsibility for protecting themselves, but also their customers and partners, from fraudulent behaviour.

Read the full story

About Oatly

Since the 1990s, Oatly makes it easy for people to turn what they eat and drink into personal moments of healthy joy without recklessly taxing the planet’s resources in the process. Oatly’s patented enzyme technology copies nature’s own process and turns fiber rich oats into nutritional liquid food. Oatly operates out of the southern region of Sweden with Headquarters in Malmö and our Production & Development Center situated in Landskrona. The Oatly brand is available in more than 20 countries throughout Europe and Asia. oatly.com