Protect your domain with SPF, DKIM and DMARC
Everybody knows that validating inbound email is key in protecting users from malware, phishing, CEO fraud, whaling and other buzzwords. Unfortunately, that does not seem enough to win the battle against phishing scams.
Protecting your domain from being used is at least equally important. Techniques such as SPF/TXT records are becoming widely used with success. By also adding DKIM and DMARC records, you can finalise your configuration.
SPF – Sender Policy Framework
SPF is designed to correct shortcomings in email. Through the ‘from’ field, which is not entirely secured, a cybercriminal can present himself as another. SPF is a simple email validation system in which an email server checks the SPF record in the DNS when it receives an email. If the email server from which the email is received is present in the record, it will receive an SPF PASS and the email will be processed further. If not, the email will receive an SPF FAIL and it is up to the mail server to determine what these emails marked with SPF FAIL will do. A spam filter will almost always classify SPF FAIL emails as spam and delete them.
DKIM – Domainkeys Identified Mail
Whereas SPF is an anti-spam technology, DKIM is an authentication technique that allows the recipient to check if the email has actually been sent and authorized by the owner of the domain. This is done by giving emails a digital signature. This DKIM signature is a code that is added to the header of a message and is encrypted.
DMARC – Domain-based Message Authentication, Reporting and Conformance
The latest addition to the spam-fighting family is DMARC. It is a policy in a DNS record that indicates that you use SPF and/or DKIM for your outgoing emails. That’s not all though, DMARC also contains important directions for the recipient on what to do if the email fails the SPF or DKIM test. It is not without reason that DMARC is supported by the world’s largest internet organizations such as Google, Microsoft and Facebook, and already protects more than half of all email boxes.
Are you already doing everything you can to protect your domain?