Improve email security on your domain

email-and-domain-spoofing.jpg

How to protect your business and clients against email fraud.

A professional email address on your company domain name is the first step to demonstrate that you are a legitimate business, but is it enough to protect your clients and employees against email fraud?

Email fraud is on the rise and domain spoofing (or impersonation) is one of the most common ways businesses get targeted.

According to Mime Cast’s 2020 Threat Intelligence Report, impersonation attacks increased by nearly two-thirds in comparison to the results in last year’s report – with 69% of those organisations impacted by an impersonation attack having experienced a direct loss, specifically loss of customers, financial loss, and (or) data loss.

Most notably, 88% of South African respondents experienced a phishing attack in the previous 12 months.

You might be wondering what does this have to do with you or your business?

Let’s look at an example of a normal Accounts department. An employee working in this department is used to sending and receiving sensitive financial information like customer invoices, bank statements, proof of payments, supplier invoices, etc.

As someone impersonating an employee from your Accounts department, a bad actor can reach out to your clients with fake invoices, fake bank deposit information and fake requests to login and reset their passwords on a compromised website. 

With adequate email security on your domain, much of this risk can be eliminated by enabling the receiving party’s email service to verify the legitimacy of emails sent from your domain.

While it’s not necessary for our clients to understand or even notice the technical details of the additional security precautions we take to protect their domains, it is necessary to have some understanding how these security measures work – if only to explain that they are not magic bullets or concoctions of obscure technologies, but, in fact, standard good practice – a practise we fervently hope more service providers will implement for their clients.

Here are the technologies we implement at DNS level – the server that enables the rest of the internet to find your web sites, send your emails, and is usually under the control of your ISP: SPF, DKIM and DMARC.

What is SPF?

SPF is short for "Sender Policy Framework". An SPF record let’s other servers know which networks and servers may be “trusted” to send an email on your domain name.

After sending your email, the recipients’ mail server checks the message headers to verify that your email arrived from an approved source. If it fails this check the email may be considered suspicious, potentially labelled as spam, or blocked outright. Emails that pass the SPF check will be allowed to be delivered as a legitimate email from a legitimate source.

All that is required to activate SPF on your domain is a TXT (text) record on your domain’s DNS configuration.

An example of an SPF record that instructs servers to trust email from Google (Gmail) looks something like this:

v=spf1 include:_spf.google.com ~all

SPF is commonly used in combination with another email verification technology called DKIM. Having both enabled on your domain will greatly increase security and email delivery reliability.

What is DKIM?

DomainKeys Identified Mail (DKIM) allows organizations to claim responsibility for messages they send and guarantee the contents of the messages they send. This is to prevent spoofing, where email content is changed to make the message appear to be from someone or somewhere other than the actual source.

DKIM adds an encrypted signature to the header of all outgoing messages. Email servers that get these messages use the public DKIM key to decrypt the message header and verify the message was not changed after it was sent. You can learn more about DKIM by going to DKIM.org. The group that developed the DKIM standard has published detailed explanations, how-to’s, and news about DKIM.

Now that SPF and DKIM have been configured on your domain, you need to instruct other mail servers how to react when an email sent from your domain fails any of these checks.

What is DMARC?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) itself is not an email authentication protocol, but it builds on key authentication standards SPF and DKIM.

DMARC allows an organization to publish a policy that defines its email authentication practices and provides instructions for receiving mail servers on how to enforce them.

To enable DMARC you need to add a TXT record to your DNS configuration. Make sure that both SPF and DKIM are configured for your domain.

Here is an example DMARC policy that rejects 100% of messages that fail the DMARC check and emails a daily report to two mail addresses:

v=DMARC1; p=reject; rua=mailto:postmaster@domain.com, mailto:admin@domain.com

Get expert advice

Have you been victim to or suspect that your business might be vulnerable to email fraud? Are you taking adequate measures to protect your business, clients and suppliers against these social engineering attacks?

We’re ready to help. Contact us for a free domain audit and advice on how to protect your employees and clients.

Back to blog