
SPF, DKIM and DMARC. Bodyguards for your E-mail reputation.


Attacks that steal sensitive data via e-mail are commonplace: e-mail is involved in more than 90% of all network attacks. Ensure adequate protection and prevent your domains from being used for attacks.

Spam remains a problem, but anti-spam filters mostly see through it. The sender(s) and content are quickly put on the radar and appear on blacklists worldwide.

It becomes a more difficult and scary story when hackers approach people in a targeted way through impersonation. Is that mail from your CEO asking you to "make an urgent transfer" real? Can you trust the message from your CIO or the bank asking you to re-register "on this page"?

With the right mail server configuration:

  1. You prevent unauthorized people from sending mail from your domain.
  2. You prevent customers or colleagues from receiving forged mails.

We secure your mail configuration on 3 levels:

SPF, Sender Policy Framework

With an SPF record, we specify which IP addresses are authorized to send e-mails on behalf of your domain. This allows the recipient to verify that a received e-mail actually comes from an authorized server.

DKIM, DomainKeys Identified Mail

With DKIM, each outgoing mail gets a digital signature, added as a header and created with a unique private key. Because the matching public key is published at DNS level, the receiving mail server can verify the digital signature. This lets you guarantee the authenticity of your mails and helps keep them from being marked as spam.

DMARC, Domain-based Message Authentication, Reporting and Conformance

DMARC can be viewed as a set of automated procedures: what should happen to incoming mails that do or do not pass the SPF and/or DKIM checks? For example: “If the DKIM signature and/or SPF is not correct, put the mail in quarantine.”

In this way, customers or colleagues can be prevented from receiving forged mails. These techniques can be applied to almost all (mail) domains. Microsoft also offers these configurations within Office 365.
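
How a receiving server turns SPF and DKIM results into a DMARC decision, as an added example that is not part of the original article or VanRoey.be's own tooling. It goes one step beyond the text by including DMARC's domain alignment check; the function names, the example.com records and the sample mails are constructed, and the SPF/DKIM results are assumed to have been computed already by the receiving server.

```python
# Added example: simplified DMARC evaluation (RFC 7489). All domains and
# records below are constructed sample values, not taken from the article.

def parse_tags(record):
    """Parse a 'tag=value; tag=value' DNS TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def aligned(auth_domain, from_domain, strict):
    """Strict: exact match. Relaxed is approximated as 'equal to or a subdomain
    of the From domain'; real receivers compare organizational domains."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f or (not strict and a.endswith("." + f))

def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) tuples.
    DMARC passes if either check passes with an aligned domain."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r") == "s")
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r") == "s")
    if spf_ok or dkim_ok:
        return "deliver"
    # p=none only reports; quarantine and reject act on the failing mail.
    policy = tags.get("p", "none")
    return policy if policy in ("quarantine", "reject") else "deliver (report only)"

# Constructed rollout stages: monitor first, then enforce.
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
ENFORCE = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:dmarc-reports@example.com"

# Forged mail (constructed): From is example.com, but SPF passed only for an
# unrelated envelope domain and there is no DKIM signature.
FORGED = dict(from_domain="example.com",
              spf=("pass", "mailer.other.example"), dkim=("none", ""))
# Legitimate mail (constructed) sent through a third-party service: SPF does
# not align, but the DKIM signature for example.com verifies.
LEGIT = dict(from_domain="example.com",
             spf=("fail", "bounce.sender.example"), dkim=("pass", "example.com"))

if __name__ == "__main__":
    for name, rec in (("monitor", MONITOR), ("enforce", ENFORCE)):
        print(name, "|", dmarc_disposition(rec, **FORGED), "|", dmarc_disposition(rec, **LEGIT))
```

Under the monitoring record the forged mail is still delivered and only reported, which is why enforcement follows once all legitimate senders are known.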

Implementation

The implementation has little or no impact on the end user. The duration depends on the number of e-mail domains and the number of e-mail services used.

In preparation, we take a close look at the configuration of the current DNS records and set up a correct configuration. Next, we set up monitoring that allows us to map all the services that use the e-mail domain. This monitoring is free for Office 365 users and takes some time (+/- one month) to make sure that all e-mail services are known.

Then we validate all these services and set up the DKIM security. This adds an extra layer of authentication to the mail traffic. Note: an on-premises Exchange Server needs Advanced Threat Protection or Fortimail to use DKIM.

Finally, we adjust the mailflows (DMARC) so that falsified email is automatically blocked. From then on, no more unauthorized services can send mail under your email domain.

Do you want to protect your organization against these forms of abuse? Of course you can also count on us for this!


Written by:

Matthias Sanne
Marketer & Graphic Designer

Joined VanRoey.be's marketing department in January 2009. His focus is on the VanRoey.be website, UI design for apps and cloud platforms, copywriting and creative marketing.
