Managing your online presence is crucial in the current age, but many aspects of email security are often overlooked, with the assumption that everything is taken care of by service providers. In our experience, the vast majority of organisations, large and small, would benefit from improved email domain controls.
Implementing robust security measures not only safeguards your sensitive information, it also protects against others masquerading as your trusted email domains, and reduces the instances of legitimate emails incorrectly being flagged as junk email. In this article we discuss the benefits of three core aspects of email security – Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC).
Specify legitimate email sources using Sender Policy Framework (SPF)
SPF Overview
SPF specifies which servers are authorised to send emails from your domain, reducing the risk of email spoofing. SPF records should be configured to include all servers which send legitimate email on your behalf, which may include mail servers, web servers, third-party mailers or CRM systems.
SPF Benefits
- Trusted Source – SPF allows recipients to check that the email has originated from an authorised server, improving filtering of messages which are not from a legitimate source.
- Reduced Spoofing – Specifying the servers which are authorised to send email from your domain reduces the opportunity for fraudsters to successfully impersonate your email address, protecting your brand and reputation.
SPF Weaknesses
- Reliant on sender IP addresses – SPF relies on specifying the IP addresses of authorised servers. However, many organisations outsource email management to large email providers or cloud services with dynamic IP addresses, so whilst SPF offers a level of improved control, it is not sufficient as a standalone measure.
Ensure message integrity with DomainKeys Identified Mail (DKIM)
DKIM Overview
DKIM applies a digital signature to your emails, confirming their origin and verifying the message content hasn’t been modified in transit. Each email is signed on the originating server, and recipient mail clients can validate the authenticity of the message by checking the signature against the public key published in the Domain Name System (DNS).
DKIM adds an extra layer of security on top of SPF, even if you are using shared infrastructure or cloud mail services, as a specific DKIM signature can be configured for your domain only.
DKIM Benefits
- Message Integrity – DKIM protects against tampering during the email’s journey, assuring recipients that the message content has not been changed after it was sent.
- Improved deliverability of legitimate emails – Major email providers are more inclined to trust authenticated emails, reducing instances of “false positives” which result in legitimate email ending up in the Junk Mail folder.
Enforce your policy using Domain-based Message Authentication, Reporting and Conformance (DMARC)
Whilst SPF and DKIM are now widely deployed to some extent as standard by most providers, many organisations miss out on many of the benefits by failing to publish a DMARC policy.
DMARC Overview
DMARC builds upon SPF and DKIM, empowering you to publish a policy dictating how recipients should handle emails purporting to originate from your domain. Rather than relying on the default scoring of the recipient’s email service, you can specify whether unauthenticated emails should be delivered to the Junk Mail folder, or not delivered at all. Publishing a policy on how to handle unauthenticated emails further improves the trustworthiness of your legitimate emails.
DMARC Benefits
- Policy Enforcement – DMARC allows you to publish policies instructing email providers how they should handle unauthenticated emails purporting to be from your domain (quarantine, reject or allow).
- Visibility and reporting – You can receive reports from recipient email systems on email activity, monitoring the effectiveness of your policy and assisting you to refine your email security strategy based on real-time data.
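The following Python example is added here and is not part of the original article. It audits a domain's SPF and DMARC TXT records for the gaps described above: an SPF record that does not fail unlisted servers, a missing or monitoring-only DMARC policy (p=none, the "allow" case), and no reporting address. The example.com records, function names and finding texts are constructed for illustration.

```python
def parse_tags(record):
    """Split a DMARC 'tag=value; tag=value' record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def audit_spf(txt_records):
    """Findings for the SPF policy among the TXT records at the domain name."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permanent error)"]
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:  # with redirect=, the policy lives in the target record
        has_redirect = any(t.startswith("redirect=") for t in terms)
        return [] if has_redirect else ["no 'all' mechanism: unlisted servers get neutral"]
    qualifier = all_terms[0][0]  # 'a' when no qualifier is written, meaning '+'
    if qualifier in "+a?":
        return [f"'{all_terms[0]}' does not fail mail from unlisted servers"]
    return []  # '~all' (softfail) or '-all' (fail)

def audit_dmarc(txt_records):
    """Findings for the DMARC policy among the TXT records at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().startswith("v=DMARC1")]
    if len(dmarc) != 1:
        return ["no DMARC record" if not dmarc else "multiple DMARC records (all ignored)"]
    tags = parse_tags(dmarc[0])
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none: unauthenticated mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports")
    return findings

# Constructed sample records for example.com (not real DNS data).
WEAK_SPF = ["v=spf1 include:_spf.mailer.example +all"]
WEAK_DMARC = ["v=DMARC1; p=none"]
HARDENED_SPF = ["v=spf1 ip4:192.0.2.10 include:_spf.mailer.example -all"]
HARDENED_DMARC = ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"]

def audit(spf_txt, dmarc_txt):
    return audit_spf(spf_txt) + audit_dmarc(dmarc_txt)

if __name__ == "__main__":
    print("weak:", audit(WEAK_SPF, WEAK_DMARC))
    print("hardened:", audit(HARDENED_SPF, HARDENED_DMARC) or "no findings")
```

To check a real domain, pass in the TXT records returned for the domain name and for the `_dmarc` subdomain of it.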
Conclusion
Implementing SPF, DKIM and DMARC together safeguards your email domain against cyber threats, protects your brand reputation and protects the integrity of your communications. Whilst SPF has its limitations, combining it with DKIM and DMARC forms part of a comprehensive security strategy.
Secure your email domain today with our fixed-price domain security assessment for only £300 + VAT. Our assessment includes SPF, DKIM and DMARC along with other security checks, with same-day or next working day recommendations. We can also assist in implementing our recommendations or liaising with your service providers if you so desire.
Email projects@activon.co.uk or call 01292 501 600 today for a no-obligation discussion about your email security.