When it comes to email security, YOU are the first line of defense to protect your customers and YOUR business's reputation. Phishing attacks account for one-third of all security violations in business today. Keeping your domain from being used in phishing attacks is easy to do, and we will cover everything you need to do. We'll do our best to keep this non-technical while giving you enough technical background to speak knowledgeably about the subject.
Below, we will cover SPF, DKIM, and DMARC. You can improve your sending reputation and email deliverability by implementing these three items together.
Email spoofing occurs when an attacker forges an email's "From" address to make it appear as if it's coming from a legitimate source. Spoofed emails can deceive recipients into believing they are from a trusted sender, leading to security risks and potential fraud.
There are billions of emails sent per day, and many are spam messages. By taking these measures, you are helping curb the number of spam messages sent out on the Internet today.
Phishing is when malicious actors forge email headers to impersonate legitimate senders, and it can be prevented by using a combination of technical measures and user awareness.
SPF (Sender Policy Framework) specifies which IP addresses are allowed to send emails for a particular domain. When you add an SPF record to your domain's DNS, you are adding the first level of protection to prevent spammers from spoofing your domain.
As a side benefit, this will be the first step, of many, in making your email arrive in the inbox and not be flagged as spam or bounced back by your recipient's mail servers.
A downside to using the SPF record in your DNS is that it's only part of your spoofing protection. Not every mail server checks for an SPF record, so it's only part of the solution.
The most basic SPF record is a TXT record in your DNS that says "v=spf1 mx -all" (without the quotes).
Technical Information: SPF is exhaustively described in RFC 7208.
DKIM is your next step in email compliance. It lets a business take responsibility for the emails that come from its mail server: outbound emails are digitally signed with the digital signature of the mail server's domain.
Technical Information: DKIM is exhaustively described in RFC 6376.
DMARC builds upon your configuration of SPF and DKIM. This is the step most will either skip or get wrong, yet it's the most important piece of your DNS setup for reliable email delivery to your recipient's inbox. When set up, DMARC covers how:
Technical Information: DMARC is exhaustively described in RFC 7489.
You'll start receiving email reports once your DMARC is configured correctly. Read them and see what they say. These reports will let you identify people who are trying to send on your behalf outside of your mail server. By reading the reports and making adjustments, you can refine your email authentication policies and detect potential spoofing attempts.
When you set up your DMARC record, you will add a TXT record whose name starts with _dmarc. The format will be similar to the one below:
v=DMARC1; p=reject; rua=mailto:dmarc-aggregate@yourDomain.com; ruf=mailto:dmarc-forensic@yourDomain.com; sp=reject; aspf=s; adkim=s; fo=0;
DMARC records are hard to understand when you just look at them. Here is the breakdown of what you have above:
Notes:
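As an added example (not part of the original article), the Python below parses the DMARC record shown above into its tags, attaches each tag's meaning as defined in RFC 7489, and flags common mistakes. The function names and the wording of the messages are this example's own.

```python
# Added example (not from the article): lint a DMARC TXT record per RFC 7489, section 6.3.
TAGS = {
    "v": "version; must be DMARC1 and must come first",
    "p": "policy for mail that fails DMARC (required)",
    "sp": "policy for subdomains (defaults to p)",
    "rua": "addresses that receive aggregate reports",
    "ruf": "addresses that receive failure (forensic) reports",
    "aspf": "SPF alignment: r = relaxed (default), s = strict",
    "adkim": "DKIM alignment: r = relaxed (default), s = strict",
    "fo": "when failure reports are generated (default 0)",
    "pct": "percentage of mail the policy applies to",
    "rf": "failure report format", "ri": "seconds between aggregate reports",
}
POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Split 'tag=value; tag=value;' into an ordered list of (tag, value)."""
    parts = (p.partition("=") for p in record.split(";") if p.strip())
    return [(tag.strip().lower(), value.strip()) for tag, _, value in parts]

def lint_dmarc(record):
    """Return (tags, problems) for one DMARC record string."""
    pairs = parse_dmarc(record)
    tags, problems = dict(pairs), []
    low = {t: v.lower() for t, v in tags.items()}  # keyword values are case-insensitive
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("v=DMARC1 must be the first tag")
    for t in ("p", "sp"):
        if (t == "p" or t in low) and low.get(t) not in POLICIES:
            problems.append(f"{t} must be none, quarantine or reject")
    problems += [f"{t} must be r or s" for t in ("aspf", "adkim")
                 if low.get(t, "r") not in ("r", "s")]
    for t in ("rua", "ruf"):
        problems += [f"{t} entry is not a mailto: URI: {u.strip()}"
                     for u in low.get(t, "").split(",")
                     if u.strip() and not u.strip().startswith("mailto:")]
    if not set(low.get("fo", "0").split(":")) <= {"0", "1", "d", "s"}:
        problems.append("fo values must be 0, 1, d or s")
    problems += [f"unknown tag (receivers ignore it): {t}" for t in tags if t not in TAGS]
    if low.get("p") == "none":
        problems.append("p=none only monitors; failing mail is still delivered")
    return tags, problems

PAGE_RECORD = ("v=DMARC1; p=reject; rua=mailto:dmarc-aggregate@yourDomain.com; "  # from the article
               "ruf=mailto:dmarc-forensic@yourDomain.com; sp=reject; aspf=s; adkim=s; fo=0;")

if __name__ == "__main__":
    tags, problems = lint_dmarc(PAGE_RECORD)
    print(*(f"{t}={v}  # {TAGS.get(t, 'unknown tag')}" for t, v in tags.items()), sep="\n")
    print(problems or "no problems found")
```

Run it against the exact string you plan to publish before you change DNS; an empty problem list means the record is well-formed, not that the reporting mailboxes exist.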
You've got your DNS all set up according to the latest best practices, but you're not done. The next step is to further secure your mail server with two-factor authentication (TFA). You can have everything set up correctly, but if you have a weak login process and someone logs into your mail server, they will be able to send AS YOU without any issues.
The next step is to educate and inform your users on what to look for. This education should be continual and never stop. Key items to look for are:
Make certain your mail server, virus definitions, and malware definitions are constantly updated. Configure your mail server to reject any incoming email that fails SPF, DKIM, or DMARC checks. This will help protect your users from dealing with a good majority of spoofing attacks.
Monitor all outbound traffic. This will be your first notification that someone may have logged onto your mail server and is sending emails under your domain.
To test our DNS email setup and the spamminess of our emails we utilize two sources.
The next level is to test your email configuration. We personally use a service called
By staying proactive, rather than reactive, on security, you will be protecting your business and your customers. By keeping security awareness at the top of your and your users' minds, you will be less prone to having your computers compromised.