SPF/DKIM/DMARC are protocols that you as a Business Owner can use to further secure your Domain and significantly reduce Cyber Attacks using email as a vector.
Why do I need it?, I hear you asking yourself;
One of the most prevalent ways Mr Cyber Thief is going to try and commit fraud is by sending emails that appear to come from some known/trusted source and thereby fool a recipient. This action can result in many problems for the Recipient and their Environment.
The Recipient could inadvertently install some virus/malware/ransomware/unwanted software on their pc thereby compromising their environment.
The Recipient could receive an email requesting payment to your Organisation, but to a fraudulent Bank Account. (The common ‘Our Banking Details have changed’ emails that everyone is familiar with these days).
The Recipient could receive a Phishing Email that compromises some Online Account. (‘Please click on the following link to download the Invoice you owe’ phishing email, or all the other variants of this).
By not having SPF/DKIM/DMARC Policies in place for a Domain can have a rather nasty knock-on effect to multiple parties. As such, as part of being Responsibile Netizens, it is imperative to have these policies in place for all Domains that are setup to send and receive email. This protects Recipients, but just as importantly, protects your Business and its reputation. (And possibly protects you by not having one of your Customers lose money because they think they’re paying you but they ended up depositing money into someone else’s Bank Account)…
How it works;
The first component is called an ‘SPF’ Record. This DNS Record defines which Mail Servers are authorised to send email on behalf of your domain. (SPF – Sender Policy Framework)
When a Mail Server on the Internet somewhere, receives an email supposedly coming from your domain, it does an SPF Record lookup with your DNS Server and checks if this Sending Server is authorised for your Domain. If the Server is authorised, the email is marked as ‘SPF Pass’. If not, the email is marked as ‘SPF Fail’.
The next component of protection is a DKIM record, (DKIM – DomainKeys Identified EMail). This record gives the Receiving Mail Server the ability to see if the incoming email has been digitally signed correctly. If the Incoming Email has the correct Digital Signature, the email is marked with a ‘DKIM Pass’. If the Incoming Email has not been signed correctly, it is marked as ‘DKIM Fail’.
The third component is the DMARC Policy. (DMARC – Domain-based Message Authentication, Reporting & Conformance). This record tells the Receiving Mail Server what to do if SPF and/or DKIM Fails and if reports should be generated. It is the DMARC Policy that gives you the ability to monitor what is happening with your domain with regards emails being sent from it.
The last component is to setup Digital Signing of Outbound Emails on Your Authorised Mail Servers as well as correctly identify all Servers that actually send email on behalf of your domain. This needs to include Servers that may send out email other than the Users. This includes any email that does not flow through your ‘default’ mail system such as your Office 365 Account. This could include Marketing Email sent out as broadcasts, Accounts Related emails that are generated in 3rd Party systems and then emailed out through 3rd party servers or possibly Ticketing Systems that you may use. These all need to be included in the Policies, otherwise these may end up failing and not being delivered.
These policies are all very Technical and require a background and understanding of DNS Servers. As such, We have put together a Managed Service whereby we assist you in implementing the necessary Policies and then managing them going forward.
Should you want us to assist, please complete the following form and we will be in contact with you.
Remember – SPF/DKIM/DMARC are protocols that you as a Business Owner can use to further secure your Domain and significantly reduce Cyber Attacks!
