Have you ever gotten a call from someone, maybe a customer or business associate, asking whether you sent that email requesting private account information, or containing a link to some dubious-looking website? This is a commonplace technique used by online scammers to trick people into divulging information that can be used to cause real harm.

Unfortunately, we can't make this kind of bad behavior impossible, since we can't control what others on the internet do. But you can reduce the chances of it succeeding if you're willing to take a few basic precautions.

In this post, we'll introduce three concrete and relatively simple steps that you (or your email administrator) can take to make email safer both for you and for the people you correspond with: SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance).

Sender Policy Framework, or SPF

Whenever an email arrives in someone's inbox, it claims to be from a certain sender. This is usually shown in the `From' line at the top. In addition, among the headers of an email (which you don't usually see) there is a log of the path the message took from its origin to your inbox: each server that handled it adds a `Received' line, including the IP address of the server it accepted the message from.

One trick scammers use to make an email appear to come from you is simply to put your email address in the From field; nothing in basic email stops them. If someone who trusts you sees your address in the From field, they are more likely to read the message and do something they shouldn't.

SPF is one measure that helps mitigate this attack. Here's how it works: you (or your email administrator) publish a policy for your domain, in the form of a TXT record in DNS, that recipient servers can check independently. The record lists the servers (by IP address, or by reference to another domain's record) that are allowed to send mail on behalf of your domain. When a message arrives, the recipient server takes the domain from the envelope sender (the address given in the SMTP MAIL FROM command, which later shows up as the Return-Path header), fetches that domain's SPF record, and compares it against the IP address of the server that actually delivered the message. If that IP address is not authorised, the email can be rejected, or merely marked as suspicious if the record ends with the `~all' soft-fail qualifier instead of `-all'.
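To show what that check actually involves, here is an added example (not code from the original post, and not any mail server's implementation) that evaluates an SPF record for a given sender IP the way a receiving server does. The domains and their TXT records are constructed for the example and stand in for live DNS lookups; only the ip4, ip6, include and all mechanisms are implemented, since a, mx and ptr need real DNS. It also shows why a record ending in `+all' is worthless: it authorises every host on the internet.

```python
import ipaddress

# Constructed zone data standing in for DNS TXT lookups (assumed records, not real domains' data).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "weak.example": "v=spf1 +all",                    # authorises every host on the internet
    "broken.example": "v=spf1 include:_spf.nonexistent.example -all",
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, sender_ip, dns=DNS_TXT, depth=0):
    """Evaluate the SPF record of the SMTP MAIL FROM domain against the delivering server's IP.

    Returns one of the RFC 7208 results: pass, fail, softfail, neutral, none or permerror.
    Only ip4, ip6, include and all are implemented; a, mx, ptr and exists need live DNS.
    """
    if depth > 10:                          # RFC 7208 caps DNS-querying mechanisms at 10
        return "permerror"
    record = dns.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"                       # no policy published, so nothing can be decided
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                     # a mechanism with no explicit qualifier means pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        if mechanism == "all":
            matched = True
        elif mechanism in ("ip4", "ip6"):
            # a v6 address is never inside a v4 network (and vice versa); ipaddress returns False
            matched = ip in ipaddress.ip_network(argument, strict=False)
        elif mechanism == "include":
            inner = evaluate_spf(argument, sender_ip, dns, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"          # an include that resolves to nothing is a broken record
            matched = inner == "pass"
        else:
            return "permerror"              # unsupported mechanism in this offline evaluator
        if matched:
            return RESULT_FOR_QUALIFIER[qualifier]
    return "neutral"                        # nothing matched and no 'all' terminated the record


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8:1::5", "203.0.113.9"):
        print(ip, evaluate_spf("example.com", ip))
```

Walking through example.com: 192.0.2.77 passes on the ip4 mechanism, 198.51.100.10 and 2001:db8:1::5 pass through the include, and 203.0.113.9 reaches `-all' and fails. The same unknown IP gets only a softfail from the included record on its own, which is why the outer record's final qualifier matters.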

By setting an SPF record you accomplish two things. First, you make those who receive email from you safer, provided their email servers take the time to verify it. Second, you improve the reputation of your own mail server, making it more likely that the recipient server will trust mail from it.

DomainKeys Identified Mail, or DKIM

While SPF can verify where an email came from, it has limitations. For one, it checks the envelope sender, which recipients never see, rather than the From line they do see, so a scammer can pass SPF for their own domain while showing your address in the From field; it also breaks when mail is forwarded through a server your record doesn't list. We don't need to go into further details now. Instead, let's consider how DKIM and DMARC strengthen this approach.

DKIM takes our strategy a step further than SPF by providing a second means of identification: it authenticates the message itself, showing that it was sent by your domain and has not been altered in transit.

The actual mechanism makes use of a technique called `cryptographic signing'. Your email server, if configured to do so, produces a signature that depends on the content of your email (selected headers and the body) and a secret key held only by your server, and includes this signature in a DKIM-Signature header of the email. When the recipient server gets the email, it reads the domain and selector named in that header and queries DNS for the matching public key, which you publish as a TXT record at selector._domainkey.yourdomain. Using that public key, and a little math, the recipient server can prove to itself that the signed parts of the message are exactly what your server sent, and that nobody without your private key could have produced the signature.
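To make the signing step concrete, here is an added example (not code from the original post, and not any mail software's implementation) that signs a constructed message the way a DKIM signer does and verifies it the way a receiver does: a body hash (bh=), relaxed header canonicalization, a DKIM-Signature header, and a lookup of the public key under selector._domainkey.domain. The RSA key generation and the raw, unpadded signature are a toy built from the Python standard library so that the example runs offline; the domain example.com, the selector sel1, the message and the DNS table are all assumptions.

```python
import base64
import hashlib
import random
import re

# Toy RSA from the standard library only; real DKIM keys are 1024/2048-bit, come from a
# proper crypto library and use PKCS#1 padding. This is here so the example runs anywhere.
def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, with the top bit set
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    """Return ((n, e), (n, d)); the modulus must be larger than the 256-bit digest we sign."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        n, phi = p * q, (p - 1) * (q - 1)
        if p != q and phi % e:
            return (n, e), (n, pow(e, -1, phi))

def _b64(data):
    return base64.b64encode(data).decode()

def canonicalize_body(body):
    """'simple' body canonicalization (RFC 6376): CRLF line endings, trailing empty lines dropped."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while body.endswith("\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith("\r\n") else body + "\r\n"

def canonicalize_header(name, value):
    """'relaxed' header canonicalization: lowercase name, unfolded, whitespace collapsed."""
    value = re.sub(r"\s+", " ", value).strip()
    return name.lower() + ":" + value + "\r\n"

def _header_digest(hdr_map, fields, sig_value):
    """Hash input: the signed headers in h= order, then DKIM-Signature itself with b= empty."""
    data = "".join(canonicalize_header(f, hdr_map[f.lower()]) for f in fields)
    data += canonicalize_header("DKIM-Signature", sig_value).rstrip("\r\n")
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big")

def dkim_sign(headers, body, domain, selector, private_key, fields=("From", "To", "Subject")):
    """Return the value of the DKIM-Signature header the sending server would add."""
    n, d = private_key
    bh = _b64(hashlib.sha256(canonicalize_body(body).encode()).digest())
    sig_value = ("v=1; a=rsa-sha256; c=relaxed/simple; d=%s; s=%s; h=%s; bh=%s; b="
                 % (domain, selector, ":".join(fields), bh))
    digest = _header_digest({k.lower(): v for k, v in headers}, fields, sig_value)
    signature = pow(digest, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return sig_value + _b64(signature)

def dkim_verify(headers, body, dns):
    """What the receiver does; 'dns' maps selector._domainkey.domain to the published public key."""
    hdr_map = {k.lower(): v for k, v in headers}
    sig = hdr_map["dkim-signature"]
    tags = dict(t.strip().split("=", 1) for t in sig.split(";") if t.strip())
    key = dns.get(tags["s"] + "._domainkey." + tags["d"])
    if key is None:
        return "fail (no public key published)"
    if _b64(hashlib.sha256(canonicalize_body(body).encode()).digest()) != tags["bh"]:
        return "fail (body altered)"
    unsigned = re.sub(r"(^|;)(\s*b=)[^;]*", r"\1\2", sig)   # blank the b= value, as when signing
    digest = _header_digest(hdr_map, tags["h"].split(":"), unsigned)
    n, e = key
    if pow(int.from_bytes(base64.b64decode(tags["b"]), "big"), e, n) != digest:
        return "fail (headers altered or wrong key)"
    return "pass"

if __name__ == "__main__":
    public_key, private_key = generate_keypair()
    headers = [("From", "Alice <alice@example.com>"), ("To", "bob@example.net"),
               ("Subject", "Invoice 1234")]                       # constructed sample message
    body = "Hi Bob,\nplease find the invoice attached.\n"
    signed = headers + [("DKIM-Signature", dkim_sign(headers, body, "example.com", "sel1", private_key))]
    dns = {"sel1._domainkey.example.com": public_key}              # stands in for the DNS TXT lookup
    print(dkim_verify(signed, body, dns))                           # pass
```

Two details worth noticing: the h= tag fixes which headers are covered, so a header not listed there (Date, say) can be changed without breaking the signature, and the `simple' body canonicalization ignores trailing blank lines, so a forwarder that appends an empty line does not invalidate the signature while any change to the text does.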

Like SPF, signing with DKIM protects your customers and improves the reputation of your mail server.

Domain-based Message Authentication, Reporting & Conformance, or DMARC

So far so good. SPF checks the originating IP address of the email and DKIM verifies the content of the email. DMARC provides an additional layer of security. It coordinates the results of the SPF and DKIM tests with the From address of the email, the one the recipient actually sees: it checks whether the domain in the From address matches (`aligns' with) the domain that SPF validated or the domain named in the DKIM signature, for at least one of the tests that passed. This closes the gap noted above, where SPF passes for the scammer's own domain while the From field shows yours.

In addition, DMARC provides you (or your email administrator) a means of telling the recipient server what you want it to do if neither SPF nor DKIM passes with an aligned domain: `p=none' (deliver, but report), `p=quarantine' (deliver to junk) or `p=reject'. The same record can name an address (`rua=') where recipient servers send you aggregate reports of what they saw, including any failures, so you can spot both misconfigured senders of your own and attempts to impersonate you.
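Here is an added example (not code from the original post, and not any mail server's implementation) of the alignment check and policy lookup described in the last two paragraphs: it takes the visible From address, the SPF result together with the envelope domain SPF was checked against, and the DKIM result together with the signature's d= domain, and returns the DMARC result, the disposition the record asks for, and where to send reports. The DMARC records, domains and addresses are constructed for the example, and the organizational domain is approximated as the last two labels (a real receiver uses the Public Suffix List).

```python
import re

# Constructed zone data standing in for DNS TXT lookups at _dmarc.<domain> (assumed records).
DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                          "rua=mailto:dmarc-reports@example.com",
    "_dmarc.example.net": "v=DMARC1; p=none; rua=mailto:dmarc@example.net",   # monitor only
}


def parse_dmarc(record):
    """Split a DMARC TXT record into its tags, filling in the RFC 7489 defaults."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if t.strip())
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    tags.setdefault("adkim", "r")           # relaxed alignment unless the record says strict
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    """Organizational domain, approximated as the last two labels (real receivers use the PSL)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, authenticated_domain, mode):
    """Strict alignment needs an exact match; relaxed accepts any subdomain of the same organization."""
    if mode == "s":
        return from_domain.lower() == authenticated_domain.lower()
    return org_domain(from_domain) == org_domain(authenticated_domain)


def evaluate_dmarc(from_header, spf_result, spf_domain, dkim_result, dkim_domain, dns=DNS_TXT):
    """Combine the SPF and DKIM outcomes with the visible From domain.

    spf_domain is the SMTP MAIL FROM domain SPF was checked against; dkim_domain is the d= tag
    of a DKIM signature, or None. Returns (dmarc_result, disposition, report_addresses).
    """
    from_domain = re.search(r"@([\w.-]+)>?\s*$", from_header).group(1).lower()
    own = dns.get("_dmarc." + from_domain)
    record = own or dns.get("_dmarc." + org_domain(from_domain))   # fall back to the org domain
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "none", "none", []           # no DMARC policy: receivers apply their own judgement
    reports = [a.replace("mailto:", "") for a in policy.get("rua", "").split(",") if a]
    spf_aligned = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_aligned = (dkim_result == "pass" and dkim_domain is not None
                    and aligned(from_domain, dkim_domain, policy["adkim"]))
    if spf_aligned or dkim_aligned:
        return "pass", "none", reports
    # sp= applies when a subdomain's From fell back to the organizational domain's record
    disposition = policy["p"] if own else policy.get("sp", policy["p"])
    return "fail", disposition, reports


if __name__ == "__main__":
    # A spoof: SPF and DKIM both pass, but for the scammer's domain, not the one in From.
    print(evaluate_dmarc("Alice <alice@example.com>", "pass", "attacker.example",
                         "pass", "attacker.example"))              # ('fail', 'reject', [...])
```

Note the two cases that surprise people: with `p=none' a message that fails DMARC is still delivered (the record only asks for reports), and with `adkim=s' a DKIM signature for example.com does not cover mail whose From is promo.example.com, so that mail must pass on aligned SPF or be quarantined under the `sp=' policy.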

As with SPF and DKIM, adding a DMARC record to your email domain improves the reputation of your email server, since other email providers will see that you have taken these measures. Together, SPF, DKIM and DMARC give the recipient of your email much stronger assurance that what appears to be from you really is from you.

Taking these steps won't prevent every abuse of email there is, but they definitely make you, your clients and your business associates safer on the web.

All customers of Technical Solutions email are protected by SPF, DKIM and DMARC. If you're not sure and you want to know whether your email server has these three protections implemented, feel free to give us a call at (806) 352-1309!
