Skip to content

Domain Security

With the ever-changing security threats in the IT world, various companies like Google and Microsoft are tightening their security requirements around domains and emails. Increasingly, this is causing emails to be blocked / lost, invoices to go missing and much more. This is all due to the fact that they are deemed to be “Suspicious, Threatening or Potential Fraud”. With these changes, if your security is not continually monitored, maintained and updated then either information will be lost, or these threats will affect your business. As such a standard has been created to monitor this, which will enhance your ability to continue to operate efficiently and safely. 

We have outlined the process in more detail below.

WHY AND HOW SPF, DKIM AND DMARC ARE ALL ESSENTIAL TO YOUR EMAIL SECURITY

For email, it’s far too late for security by design. Unfortunately, adding security as an afterthought is not easy, especially when you must guarantee backwards-compatibility with something that’s already been globally deployed. This is where essential additional standards – SPF, DKIM and DMARC – come in.

When the first emails were being exchanged at MIT in 1965, security wasn’t an issue – they were all on the same mainframe (carefully nurtured in its air-condition room). SMTP wasn’t created until 1982, also at a time when cyber security simply wasn’t a consideration. There was no authentication, no confidentiality, no integrity checks and no protection from unsolicited messages. Life was simpler then. However, as soon as email’s popularity escalated, the problems – and vulnerabilities – soon became clear.

In an effort to make email more secure, SPF, DKIM and DMARC have since been added to email. None of them are perfect – but they are important.

SPF prevents spoofing – up to a point

By defining an SPF (Sender Policy Framework) policy, you can prevent malicious actors sending email while pretending to be your organisation. Configuration is easy and relatively risk-free: you just need to map all the IP addresses that your organisation uses to send email, which is a small amount of effort for the benefit obtained. Unfortunately, SPF is far from being the perfect spoofing solution, but it is much better than nothing.

DKIM guarantees the integrity of email content

Setting up DKIM (DomainKeys Identified Mail) requires a little more effort than SPF, but it is safe. If you misconfigure it, email will not get lost. DKIM checks the email’s electronic signature to determine if it has been modified or tampered with. If the signature is valid, you know that you can rely on the content of the email. This signature is automatically added and checked by mail servers, and the user doesn’t need to do anything. Again, this doesn’t completely solve the phishing problem.

DMARC checks the email’s credentials

DMARC stands for Domain-based Message Authentication, Reporting and Conformance. The DMARC policy checks that the sender displayed to the recipient matches what’s being identified through SPF or DKIM. The email must be sent from an authorised IP address for that domain (SPF is ok), or it must be signed with a legitimate key of that domain (the DKIM signature is ok), otherwise it will not be delivered.

DMARC is configured by the email administrator of the sending domain. And although it provides excellent protection against spoofing and impersonation, the configuration is not straightforward.

Contact us to review your SPF, DKIM and DMARC records.