Email is one of your business's most valuable communication tools, both internally and with your customers. Most users, on receiving an email from someone they know and have corresponded with before, will instantly trust that it is legitimate. Email's attack surface is broad, however, and that inherent trust is exactly what attackers exploit: spoofing a domain that lacks sufficient protection is both common and easy. Here are three ways you can improve the security of your domain's email and help prevent spoofed messages.
SPF (Sender Policy Framework) is effectively your first line of defence against email spoofing. You publish a DNS TXT record for your domain that lists which servers are allowed to send mail with your domain in the envelope sender (the SMTP MAIL FROM address, which recipients see as the Return-Path), usually by IP address or range, or by including another domain's record. A receiving SMTP server that supports SPF looks up this record, compares the connecting server's IP address against it, and uses the record's final "all" term to decide what should happen to mail from a server that isn't listed: "-all" asks for a hard fail, "~all" for a softfail. SPF does not stop anyone from sending such mail; it gives receivers the information they need to reject or flag it.
SPF only checks the envelope sender, not the From header that users actually see, so a message can pass SPF while displaying a spoofed From address. SPF also has no reporting capability of its own.
If your site runs WordPress, you can improve visibility into your own outbound mail, and often its deliverability, with the Post SMTP plugin. Its "Email Logs" feature lets you read, check and filter delivery status and debugging output, and its "Notification" feature alerts you by email, Pushover or Slack whenever a message fails to send. Bear in mind that this only covers mail your own site sends; it tells you nothing about third parties spoofing your domain, which is what DMARC reporting is for. Used alongside a correct SPF record, it is a useful complement rather than a substitute.
DKIM (DomainKeys Identified Mail) takes a different approach. Your outbound mail server signs each message with a private key, covering selected headers (From, Subject and so on) and a hash of the body, and adds the signature to the message as a DKIM-Signature header. That header names the signing domain (d=) and a selector (s=); the recipient server fetches the matching public key from the TXT record at selector._domainkey.yourdomain and verifies the signature. A valid signature proves that the message was signed by a server holding your private key and that the signed headers and body were not altered in transit. A message with no signature, or with one that doesn't verify, gets no such assurance.
This improves deliverability and makes it much harder to spoof your domain convincingly. Use it together with SPF: the two check different things (the sending IP address versus a cryptographic signature), so a message can fail one and still pass the other.
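The following code, added for this post rather than taken from the article or from any DKIM library, shows the part of DKIM verification that can be done with the standard library alone: canonicalizing the body ("simple" and "relaxed" per RFC 6376), computing the bh= body hash, parsing the DKIM-Signature tags, and deriving the DNS name the public key lives at. Checking the b= signature over the headers needs the public key plus an RSA or Ed25519 implementation (for example the dkimpy package) and is deliberately left out. The sample body, domain and selector are constructed for the example.

```python
import base64
import hashlib
import hmac
import re


def _drop_trailing_empty_lines(lines):
    while lines and lines[-1] == "":
        lines.pop()
    return lines


def simple_body_canon(body):
    """RFC 6376 3.4.3 'simple' body canonicalization: drop empty lines at the
    end and make sure the body ends in CRLF (an empty body becomes one CRLF)."""
    lines = _drop_trailing_empty_lines(body.split("\r\n"))
    return ("\r\n".join(lines) + "\r\n").encode()


def relaxed_body_canon(body):
    """RFC 6376 3.4.4 'relaxed' canonicalization: also collapse runs of
    whitespace to one space and strip trailing whitespace on each line, so
    a signature survives mail servers that re-wrap whitespace in transit."""
    lines = [re.sub(r"[ \t]+", " ", line).rstrip(" ") for line in body.split("\r\n")]
    lines = _drop_trailing_empty_lines(lines)
    return ("\r\n".join(lines) + "\r\n").encode() if lines else b""


def body_hash(body, body_canon="simple", hash_alg="sha256"):
    """The bh= tag value: base64 of the digest over the canonicalized body."""
    canon = relaxed_body_canon(body) if body_canon == "relaxed" else simple_body_canon(body)
    return base64.b64encode(hashlib.new(hash_alg, canon).digest()).decode()


def parse_dkim_signature(value):
    """Split a DKIM-Signature header value into tag=value pairs, removing the
    folding whitespace that long bh= and b= values are usually wrapped with."""
    tags = {}
    for part in value.split(";"):
        key, _, val = part.partition("=")  # first '=' only: base64 padding follows
        key = key.strip()
        if key:
            tags[key] = re.sub(r"\s+", "", val)
    return tags


def public_key_dns_name(tags):
    """Where a verifier fetches the public key: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def verify_body_hash(signature_value, body):
    """Check the bh= tag against the body actually received. This is the first
    half of DKIM verification; the b= check over the headers is not done here."""
    tags = parse_dkim_signature(signature_value)
    if "l" in tags:  # the body-length limit tag is not supported by this example
        return False
    hash_alg = tags.get("a", "rsa-sha256").split("-")[-1]  # rsa-sha256 -> sha256
    _, _, body_canon = tags.get("c", "simple/simple").partition("/")
    expected = body_hash(body, body_canon or "simple", hash_alg)
    return hmac.compare_digest(tags.get("bh", ""), expected)


# Constructed sample body (not from a real message).
SAMPLE_BODY = "Hi team,\r\n\r\nThe  invoice is   attached.\r\n\r\n\r\n"


def build_sample_signature(domain="example.com", selector="mail2024"):
    """The tags a signer would put in DKIM-Signature for SAMPLE_BODY. b= is a
    placeholder because producing it needs the private key (assumed, not shown)."""
    return (
        f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector};\r\n"
        f"\th=from:to:subject:date; bh={body_hash(SAMPLE_BODY, 'relaxed')};\r\n"
        f"\tb=PLACEHOLDER"
    )


if __name__ == "__main__":
    sig = build_sample_signature()
    print(public_key_dns_name(parse_dkim_signature(sig)))
    print("body hash ok:", verify_body_hash(sig, SAMPLE_BODY))
    print("tampered body ok:", verify_body_hash(sig, SAMPLE_BODY.replace("invoice", "refund")))
```

Changing a single word in the body changes the hash and the check fails, while appending blank lines or extra spaces does not under relaxed canonicalization; that is the trade-off the c= tag lets a signer choose.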
DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on both SPF and DKIM. It adds the piece they lack, alignment: to pass DMARC, a message must pass SPF or DKIM, and the domain that check authenticated must match the domain in the From header the user sees. It also adds reporting: receivers send aggregate reports (to the address in the record's rua= tag) summarising which sources sent mail using your domain and whether it passed, which is how you spot both deliverability problems and spoofing attempts. DMARC is currently the gold standard in email domain protection. Read this blog post fraudwatchinternational.com/dmarc/why-every-business-should-implement-dmarc/ - it does a great job of explaining why implementing DMARC should be a priority.
The policy is published in a TXT record at _dmarc.yourdomain and tells receiving mail systems how to handle messages that fail the check: p=none (deliver as normal but report), p=quarantine (send to junk) or p=reject (block). The usual rollout is to start with p=none, review the reports until all your legitimate senders pass, then tighten to quarantine and finally reject. Not all servers and ISPs perform DMARC checks yet, but the list of those that do grows by the day, and for organisations needing additional filtering, Mimecast and its alternatives offer secure email gateway solutions.
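Alignment and policy selection are the parts of DMARC that trip people up, so here is an evaluator added for this post (not code from the article or from any DMARC product) that takes the From-header domain and the SPF and DKIM results a receiver has already computed and returns the DMARC verdict and disposition. The DMARC records, the domains and the tiny public-suffix set are all constructed for the example; real code queries DNS and uses the full Public Suffix List to find organizational domains.

```python
# Constructed DMARC records standing in for DNS TXT lookups (not real data).
FAKE_DMARC_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                          "rua=mailto:dmarc-agg@example.com",
    "_dmarc.rollout.example.com": "v=DMARC1; p=reject; pct=25",
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:reports@example.org",
}

# Public suffixes known to this example; real code uses the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "org", "co.uk"}


def organizational_domain(domain):
    """Registrable domain, e.g. mail.example.com -> example.com."""
    labels = domain.lower().split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels[-2:])  # fallback when no known suffix matches


def parse_dmarc(record):
    """Parse a DMARC record into a policy dict, filling in the RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    policy = tags["p"].lower()
    return {
        "p": policy,
        "sp": tags.get("sp", policy).lower(),   # subdomain policy defaults to p
        "adkim": tags.get("adkim", "r").lower(),  # alignment modes default to relaxed
        "aspf": tags.get("aspf", "r").lower(),
        "pct": int(tags.get("pct", "100")),
        "rua": tags.get("rua"),
    }


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed needs the
    same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def lookup_dmarc(from_domain):
    """Find the policy: first at the From domain, then at its organizational
    domain. Returns (policy, found_at_org_domain)."""
    record = FAKE_DMARC_TXT.get("_dmarc." + from_domain.lower())
    if record:
        return parse_dmarc(record), False
    org = organizational_domain(from_domain)
    if org != from_domain.lower():
        record = FAKE_DMARC_TXT.get("_dmarc." + org)
        if record:
            return parse_dmarc(record), True
    return None, False


def evaluate_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain, sample=0):
    """Return {'dmarc': pass|fail|none, 'disposition': none|quarantine|reject}.

    spf_domain is the envelope-sender domain SPF was checked against and
    dkim_domain the d= of a verified signature. `sample` (0-99) is the
    receiver's random draw compared against pct=, made a parameter here so
    the result is deterministic."""
    policy, is_subdomain = lookup_dmarc(from_domain)
    if policy is None:
        return {"dmarc": "none", "disposition": "none"}
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "disposition": "none"}
    disposition = policy["sp"] if is_subdomain else policy["p"]
    if sample >= policy["pct"]:  # outside the pct sample: apply the next weaker action
        disposition = {"reject": "quarantine", "quarantine": "none"}.get(disposition, "none")
    return {"dmarc": "fail", "disposition": disposition}


if __name__ == "__main__":
    print(evaluate_dmarc("example.com", "pass", "bounce.example.com", "fail", None))
    print(evaluate_dmarc("example.com", "pass", "mailer.example", "fail", None))
    print(evaluate_dmarc("news.example.com", "fail", None, "pass", "example.com"))
```

The second call is the classic spoofing case: SPF passes for the attacker's own envelope domain, but it does not align with the From header, so the message fails DMARC and example.com's p=reject applies. The third shows strict DKIM alignment (adkim=s) refusing a parent-domain signature for a subdomain, and the subdomain falling under the sp= policy rather than p=.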
Protecting your domain against spoofed email doesn't have to take a lot of time or energy if you configure these protections correctly. You should, however, always monitor the reports these systems generate: senders change, and a policy that was correct when you published it will eventually start blocking legitimate mail. Cybersecurity is a holistic practice that requires attention to many different areas, and only with a solid plan can you succeed in mitigating these threats.
Photo by Miguel Á. Padriñán from Pexels