In a recent article, we talked about the dangers of whitelisting and the issues that can be caused by allowing a domain to deliver emails without checks. One of the points we raised was that technically anyone, from anywhere, could send emails using your email address as the sender, which is really concerning! The only thing stopping this from happening is a set of technologies designed to allow only approved sources to deliver emails as your address. Bear with us while we talk a little more about them and why they are important to your business.

These three technologies are called SPF, DKIM, and DMARC.

SPF

SPF is a publicly hosted list (published in your domain's DNS) of the IP addresses that are allowed to send emails using your email address. In most situations, it is enough to prevent abuse, but there is one issue: SPF only checks the “Return-Path” address (the envelope sender used for bounces), not the “from” address your staff actually see. This means that an email such as the below is possible:

Email from: CEO@yourdomain.com
Subject: Please purchase $700 of Giftcards urgently
To: reception@yourdomain.com
Return-Path: Hacker@baddomain.com

In this example the hacker at baddomain.com can create his own SPF record that includes his baddomain.com server address. SPF checks the Return-Path, sees baddomain.com is allowed to send for baddomain.com, and therefore lets the email through to you.

DKIM

The next technology is DKIM. DKIM is almost like the wax seals on letters in times past, which carried a personalised design to attest to the identity of the sender and to prove the contents had not been forged or tampered with. The problem here is that the DKIM signing domain can technically be any domain the sender controls and doesn’t have to match the “from” address. This means that an email such as the below is possible:

Email from: CEO@yourdomain.com
Subject: Please send me your password; I need to check your email history urgently
To: reception@yourdomain.com
DKIM signature domain: baddomain.com

As you can see, a valid DKIM signature on its own does nothing to stop a malicious actor from pretending to be you; it only proves the email really came from baddomain.com and wasn’t altered on the way.

If SPF and DKIM can’t protect you fully, what can help? We’re glad you asked! DMARC is the answer!

DMARC

DMARC is a technology that takes the SPF and DKIM results and compares the domains they validated to the domain in the “from” address. If neither of these matches the “from” address, it marks the email as an impersonation and protects both you and your customers from receiving that email. Examples like the below are stopped in their tracks:

Email from: CEO@yourdomain.com
Subject: Please urgently update the payment details for the attached invoice
To: reception@yourdomain.com
Return-Path: Hacker@baddomain.com
DKIM signature domain: baddomain.com

There are a few legitimate cases where the return-path address won’t match the “from” address, so the SPF check can’t satisfy DMARC; emails sent through Salesforce and Mailchimp are common examples, as are out-of-office replies. In those situations, DMARC falls back to DKIM and checks that the DKIM signing domain matches the “from” address instead. This requires participation from your email service provider to make sure DKIM is signing with your domain and working correctly.
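To make the alignment rule concrete, here is an added example (not code from the original post) that applies the DMARC check to the three emails above and to a legitimate bulk-mailer case. It assumes the receiving server has already produced SPF and DKIM verdicts; those verdicts and the addresses used are constructed inputs.

```python
"""DMARC identifier alignment, as an added example (not from the original
post). It assumes an upstream mail server has already produced SPF and DKIM
results; here those results are simulated as constructed inputs."""
from dataclasses import dataclass, field
from email.utils import parseaddr


def org_domain(domain: str) -> str:
    """Approximate the organisational domain as the last two labels.
    Simplification: real DMARC evaluators consult the Public Suffix List
    so that e.g. 'example.co.uk' is handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(header_from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict alignment requires an exact match; relaxed accepts the same
    organisational domain (e.g. mail.yourdomain.com vs yourdomain.com)."""
    a, b = header_from_domain.lower(), auth_domain.lower()
    return a == b if mode == "strict" else org_domain(a) == org_domain(b)


@dataclass
class AuthResults:
    """Constructed stand-in for the receiving server's SPF/DKIM verdicts."""
    return_path: str            # envelope sender that SPF was checked against
    spf_pass: bool              # was the sending IP in that domain's SPF record?
    dkim_domains: list = field(default_factory=list)  # d= of signatures that verified


def dmarc_evaluate(header_from: str, auth: AuthResults,
                   aspf: str = "relaxed", adkim: str = "relaxed") -> str:
    """Return 'pass' only if SPF or DKIM passed *and* that domain aligns with From."""
    from_domain = parseaddr(header_from)[1].rsplit("@", 1)[-1]
    rp_domain = parseaddr(auth.return_path)[1].rsplit("@", 1)[-1]
    spf_aligned = auth.spf_pass and aligned(from_domain, rp_domain, aspf)
    dkim_aligned = any(aligned(from_domain, d, adkim) for d in auth.dkim_domains)
    return "pass" if spf_aligned or dkim_aligned else "fail"


if __name__ == "__main__":
    # The spoof from the post: SPF and DKIM both pass for baddomain.com, but neither aligns.
    spoof = AuthResults("Hacker@baddomain.com", True, ["baddomain.com"])
    print(dmarc_evaluate("CEO@yourdomain.com", spoof))   # fail
    # Legitimate bulk mailer: Return-Path belongs to the provider, DKIM d= is your domain.
    bulk = AuthResults("bounce@mailer.example", True, ["yourdomain.com"])
    print(dmarc_evaluate("CEO@yourdomain.com", bulk))    # pass
```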

With all these in place you can send emails safely knowing that your domains aren’t being used to mislead your staff and/or customers.

Confused?

We’ve talked about SPF, DKIM and DMARC, and you might now be wondering how you should manage all of these settings. Easy… At Correct Solutions, we can do a big chunk of it for you. One of the advantages of being with us on our Network Care plans is that we handle IT requirements and policies for you, so we can ensure your clients won’t receive emails pretending to come from you!

If you haven’t subscribed yet to one of our agreements but you really need the help of a Managed IT Services provider, well, you know how you can fix that: email us or call us on 02 8831 8200 and we’d be happy to chat.