Cyber Security Landscape
In today's age of increasing cyber security threats, we are on a never-ending quest to improve our personal and corporate security. We add multifactor authentication (MFA) to our password-based logins to lock them down. We use different passwords across our web portals so that a single password leaked to the dark web or phished through a malicious email campaign does not compromise every account. Network admins are also tasked with locking down network access, whether for data coming into the network or leaving it. We put a lot of effort into hardening our perimeter, as this is typically the best option with the most tangible results.
Cyber Security as a Joint Effort
Cyber Security is not a singular effort that each company must manage and maintain for itself. The landscape of online security is a joint effort in which everyone's small improvements raise the bar for everyone else online. There are changes you can make for your company's outbound email that help other companies validate and authenticate messages coming from you. Improving your company's email presence helps other companies detect and block spoofed emails that claim to come from your domain(s). Spoofed emails come from a malicious source but present themselves as if they were sent by your company. Spoofing is common for domains that do not give receivers the tools to authenticate mail as legitimately originating from your organization. With the proper DNS records and protocols in place, other companies can verify the legitimacy and authenticity of every email bearing your company's domain.
Enter, DMARC, DKIM and SPF Records...
What is SPF and how does it work?
SPF (Sender Policy Framework) is the most basic and widely used method currently employed for email verification. An SPF record, published as a DNS TXT record on your domain, lets a receiving mail server verify that the connecting server is authorized to send email for that domain. It is a public allow-list of the IP addresses and services permitted to send email on your company's behalf. If your company sends email marketing blasts or uses a third-party tool to send automated emails to clients, you probably have an SPF record already. Without an SPF record, these emails would not reliably reach their recipients. SPF alone, however, is not a foolproof way of protecting your email domain.
What is DKIM and how does it work?
DKIM (DomainKeys Identified Mail) is an email authentication standard that allows the receiver to check that an email was actually sent from, and authorized by, the owner of the sending domain. DKIM adds a digital signature to the email header, computed over selected headers and the message body with the domain's private key; the matching public key is published in DNS so that any receiver can verify it. Once the receiver verifies the signature, it knows that the signed parts of the message were not modified in transit and that it came from yourdomain.com. Implementing DKIM will improve deliverability, but it is only one part of a three-part system for protecting your company's email.
What is DMARC and how does it work?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol built on top of DKIM and SPF. It publishes a policy telling receiving domains how to handle messages that claim to be from yourdomain.com, and what to do with messages that do not pass the SPF and DKIM checks (or whose passing identifiers do not align with the domain in the From: header): monitor, quarantine, or reject. It also lets receivers send you aggregate reports about mail using your domain. These three systems work hand in hand to protect your email domain and improve your company's authenticity and deliverability to recipients. It raises the bar for your company's online email presence. DMARC is an emerging standard that companies are adopting. When it becomes common across all email domains, the bar will have been raised, thereby improving the shared email-scape we all work and play in.
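To make the interplay of the three records concrete, here is an added example (not code from the original post or from Beringer Technology Group) that evaluates a sender IP against a constructed SPF record and then applies a constructed DMARC policy, including the identifier alignment that DMARC requires. DNS lookups are replaced by an inline dictionary, only the ip4, include and all SPF mechanisms are handled, the relaxed-alignment organizational domain is approximated by the last two labels, and the DKIM verification result is passed in rather than computed.

```python
import ipaddress
# Constructed sample DNS TXT records standing in for real lookups (names are RFC 5737/2606 examples).
DNS = {
    "example.com": "v=spf1 ip4:198.51.100.0/24 include:mailer.example.net -all",
    "mailer.example.net": "v=spf1 ip4:203.0.113.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; aspf=r; adkim=s; rua=mailto:dmarc@example.com",
}
QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(ip, domain, dns=DNS, depth=0):
    """Evaluate an IPv4 sender against the domain's SPF record (ip4, include and all only)."""
    txt = dns.get(domain, "")
    if not txt.startswith("v=spf1 ") or depth > 10:  # no record, or past RFC 7208's 10-lookup limit
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in txt.split()[1:]:
        qual = term[0] if term[0] in QUAL else "+"  # a bare mechanism means '+'
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:") and addr in ipaddress.ip_network(mech[4:], strict=False):
            return QUAL[qual]
        if mech.startswith("include:") and spf_check(ip, mech[8:], dns, depth + 1) == "pass":
            return QUAL[qual]
        if mech == "all":  # catch-all; '-all' is what makes unlisted senders fail
            return QUAL[qual]
    return "neutral"

def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=quarantine; ...' into a tag dict."""
    return {k.strip(): v.strip() for k, v in (t.split("=", 1) for t in txt.split(";") if "=" in t)}

def aligned(from_domain, auth_domain, mode):
    """'s' = exact match; 'r' = same organizational domain (approximated by the last two labels)."""
    org = lambda d: ".".join(d.lower().split(".")[-2:])
    return from_domain.lower() == auth_domain.lower() if mode == "s" else org(from_domain) == org(auth_domain)

def dmarc_disposition(from_domain, spf, dkim, dns=DNS):
    """spf = (result, MAIL FROM domain); dkim = (result, d= domain). Returns 'pass' or the p= action."""
    rec = dns.get("_dmarc." + from_domain)
    if not rec:
        return "none"  # no policy published: the receiver falls back to its own heuristics
    pol = parse_dmarc(rec)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], pol.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], pol.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else pol.get("p", "none")

if __name__ == "__main__":
    # Legitimate mail relayed by the listed third-party mailer, then a message from an unlisted address.
    for ip in ("203.0.113.10", "192.0.2.5"):
        spf = (spf_check(ip, "example.com"), "example.com")
        print(ip, spf[0], dmarc_disposition("example.com", spf, ("none", "")))
```

Note that with adkim=s a DKIM signature from mail.example.com does not align with a From: of example.com, so such a message passes DMARC only through an aligned SPF result.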
Conclusion? Deploy All Three Protocols
All three protocols should be used together, as none of them is a complete system when deployed on its own. Each piece plays a part in enhancing your domain's email security and authenticity. Enhance your company's online email presence. Reduce the risk of your company's domain being used by a malicious attacker to target unsuspecting victims. Give other companies the tools they need to authenticate your emails as legitimate.
If you have questions about your company's online email authenticity or want to enhance your security and email reputability, reach out to Beringer Technology Group to help implement these standards.
Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution also provides expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing, Email Security Implementation and Training, Unified Communication Solutions, and Cybersecurity Risk Assessment.