91% OF ALL CYBER CRIMES BEGIN WITH AN EMAIL. Properly implemented email security is the key step in protecting your company and users from cyber attack via email. Critical to email security is email authentication. Email authentication helps to improve the delivery and credibility of your emails by proving that an email is not forged. In other words, it provides a way to verify that an email comes from who it claims to be from. Email authentication is most often used to block harmful or fraudulent uses of email such as phishing and spam.
The most commonly used email authentication standards are SPF, DKIM, and DMARC. Each one is published as a text record in DNS that receiving mail servers use to verify that a sender is who it claims to be.
Why do we need SPF, DKIM, & DMARC?
SPF, DKIM, and DMARC each solve a somewhat different piece of the email puzzle to prevent phishing and spam. This is accomplished via a combination of standard authentication and encryption tools, such as public and private key signing, and by adding special DNS records to authenticate email coming from your domains.
In the early days of the internet, email was mostly used among university researchers who knew and trusted each other. Unfortunately, those days are long gone. We need all three protocols to ensure that messages can’t be easily forged and can be blocked from ever reaching users’ inboxes. SPF, DKIM, and DMARC are difficult to configure and require careful study to understand how they inter-relate and complement each other with their protective features.
- SPF allows senders to define which IP addresses are allowed to send mail for a particular domain.
- DKIM provides a cryptographic key and digital signature that verify that an email message was not faked or altered.
- DMARC unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test.
What is SPF and why is it important?
SPF, or Sender Policy Framework, is an email validation protocol designed to detect and block email spoofing. It allows mail exchangers to verify that incoming mail from a specific domain comes from an IP address authorized by that domain’s administrators. SPF is a “proposed standard” that helps protect email users from potential spammers. Email spam and phishing often use forged “from” addresses and domains, so publishing and checking SPF records is considered one of the most reliable and simple-to-use anti-spam techniques.
What is DKIM and why is it important?
DKIM, or DomainKeys Identified Mail, lets an organization (or handler of the message) take responsibility for a message that is in transit. DKIM proves three things:
- The contents of an email have not been tampered with.
- The headers in the email have not changed since the original sender sent it, and there is no new “from” domain.
- The sender of the email owns the DKIM domain, or is authorized by the owner of that domain.
In other words, DKIM is a way to ‘sign’ an email with a cryptographic digital signature. This signature is a header that is included in an email message.
What is DMARC and why is it important?
DMARC, or Domain-based Message Authentication, Reporting, and Conformance, is an added authentication method that uses both SPF and DKIM to verify whether an email was actually sent by the owner of the “Friendly-From” domain that the user sees. In order for DMARC to pass, both SPF and DKIM must pass, and at least one of them must be aligned, i.e., the information contained in one of the records matches the “friendly from” domain (e.g., firstname.lastname@example.org) that the user actually sees and the from address that’s contained in the message’s header.
Any message that does not align is treated as phishing and is not delivered. Phishing is the fraudulent practice of sending malicious emails pretending to be someone else in an attempt to steal a user’s credit card information or other personal information. Therefore, with DMARC, you are protecting yourself.
We can help set up your email authentication.