3 Ways to Protect Your Domain Email

March 26, 2020

Your email is one of your business’ most valuable communication tools, both internally and for your customers. Most users who receive an email, particularly from someone they know and have corresponded with before, will instantly trust that it is legitimate. Because email has such a broad attack surface, however, that inherent trust isn’t always a good thing: email spoofing is very common on domains without sufficient protection. Here are three ways you can improve the security of your domain email and help prevent spoofed email.

SPF – Sender Policy Framework

SPF (Sender Policy Framework) is effectively your first line of defense against email spoofing. It uses a DNS TXT record to let SPF-enabled SMTP servers (the servers that send email) know what is allowed on the domain. This prevents SMTP servers from sending email ‘on behalf of’ your domain. The TXT record contains information for the sending server to reference about which servers are allowed to send mail using the domain (usually by IP address), as well as what should happen if an SMTP server that isn’t authorized tries to send email using the domain.

SPF doesn’t authenticate the ‘from’ field, nor does it have any reporting capability.

DKIM – DomainKeys Identified Mail

DKIM (DomainKeys Identified Mail) uses a slightly different method. It gives every email sent from your domain a digital signature, which is added to the header of the email. The recipient server then verifies this signature as authentic, which gives assurance that the email was sent by an authorized user of the sending domain. The public key used to verify the signature is stored in a TXT record in the domain’s DNS records.

This improves email deliverability and protects against email spoofing. It can be used in conjunction with SPF to further increase email security.

DMARC – Domain-based Message Authentication, Reporting, and Conformance

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is essentially a combination of SPF and DKIM, used both to determine the legitimacy of an email and to create reports, based on defined criteria, about deliverability and any attempts to spoof email that have occurred. DMARC is currently the gold standard in email domain protection. This blog post does a great job of explaining why implementing DMARC should be a priority: fraudwatchinternational.com/dmarc/why-every-business-should-implement-dmarc/

It works by allowing domain administrators to instruct email systems on how to handle email that did not pass SPF or DKIM authentication: sending it to junk, blocking it, or processing it as normal. While not all servers and ISPs perform DMARC checks yet, the list of those that do is growing by the day.

Protecting your domain against spoofed email doesn’t have to take a lot of time or energy if you take the correct steps in configuring these protection methods. There should always be a level of monitoring for the reports generated from these systems, however. Cybersecurity is a holistic practice that requires giving attention to many different areas, and only with a solid plan can you be successful in mitigating these threats.

Photo by Miguel Á. Padriñán from Pexels
