In today's electronic world, receiving an email scam is nothing new. But what if the scam is originating from one of your domains? If that happens, then you may want to check your domain security settings and make the necessary changes.
But before that, let's understand a little bit about what DMARC and SPF are, and what is their purpose.
DMARC: Domain-based Message Authentication, Reporting and Conformance is an email validation system specifically designed to detect and prevent email spoofing. A spoofed email is one whose sender address has been forged to look like a known or trusted sender, for use in phishing, email spam and scams. DMARC relies on the SPF and DKIM records of your domain for strong validation.
SPF: Sender Policy Framework is an email authentication method designed to verify the SENDER of outgoing emails. With this record, you list the hosts and IPs that are authorized to send email for a domain.
DKIM: DomainKeys Identified Mail is an email authentication method designed to verify the SENDER of incoming emails. With this record, the receiving server checks that an email claiming to come from a certain domain was indeed authorized by that domain's owner.
Sending spoofed emails is nothing new. We may sometimes see an email that appears to come from a friend, a relative or even ourselves. Phishers, scammers, pranksters and just about anyone with evil intentions will keep doing this for as long as the current technology exists. Thankfully, our clients are able to protect themselves and make it harder for attackers to spoof their email accounts via the DNS manager tools. If your domain provider does not offer this option, you should seriously consider switching providers.
Within our DNS Zone editor for either your domain name or web server, we add the SPF, DKIM and DMARC records. By doing this, the domain owner restricts the domain to sending email only through the authorized channels. A permissive DMARC record is no good: don't just add one to pass the verification tests. There are several free online tools to help you generate this record. However, if you are still having trouble, contact us and we'll gladly assist you.
One of the benefits of having a good DMARC record is that you can configure it to send you a report of spam campaigns trying to use your domain. This way, you can monitor whether someone is tarnishing your domain's reputation with their evil intentions.
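The reports mentioned above are the DMARC aggregate (rua) reports that receivers send to the address published in your DMARC record. The following is an added example, not code from the original article or from the hosting provider; it parses a constructed sample report in the standard aggregate-report XML layout and summarises how much mail passed DMARC and which source IPs failed, which is what you would watch to spot someone abusing your domain.

```python
"""Summarise a DMARC aggregate (rua) report.

Added example with a constructed report. Real reports arrive as gzip or zip
attachments at the rua= address in your DMARC record and use this XML layout.
"""
import xml.etree.ElementTree as ET

# Constructed sample report: two sending sources, one legitimate, one not.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>1234</report_id>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><p>reject</p><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>12</count>
      <policy_evaluated>
        <disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
      </policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated>
        <disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""


def summarize_report(xml_text):
    """Return totals and the list of sources whose mail failed DMARC."""
    root = ET.fromstring(xml_text)
    summary = {
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "total": 0,
        "passed": 0,
        "failures": [],
    }
    for rec in root.findall("record"):
        row = rec.find("row")
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        summary["total"] += count
        # policy_evaluated holds the *aligned* results; DMARC passes when
        # either aligned DKIM or aligned SPF passes.
        if evaluated.findtext("dkim") == "pass" or evaluated.findtext("spf") == "pass":
            summary["passed"] += count
        else:
            summary["failures"].append({
                "source_ip": row.findtext("source_ip"),
                "count": count,
                "disposition": evaluated.findtext("disposition"),
            })
    return summary


def failing_sources(summary, min_count=1):
    """Source IPs that failed DMARC for at least min_count messages."""
    return sorted(f["source_ip"] for f in summary["failures"] if f["count"] >= min_count)


if __name__ == "__main__":
    report = summarize_report(SAMPLE_REPORT)
    print(f"{report['domain']} (p={report['policy']}): "
          f"{report['passed']}/{report['total']} messages passed DMARC")
    for failure in report["failures"]:
        print(f"  {failure['source_ip']}: {failure['count']} messages, "
              f"disposition {failure['disposition']}")
```

A source that keeps failing with disposition `reject` is mail your policy is already blocking; the same source showing `none` would mean your policy is still too permissive to stop it.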
SecGuru has provided a few suggestions on how to better protect our domains from being used by spammers and scammers:
Prevent sending spoofed emails:
- Create an SPF record ending in -all (hard fail) with ONLY the mail servers that are allowed to send mail on behalf of your domains.
- Configure DKIM on your email servers and publish the public key in a DKIM selector record in DNS.
- Create a DMARC record which should also include the value p=reject.
- Create SPF records for EACH sub-domain.
- Create SPF records for mail server HELO names (HELO is the SMTP greeting command sent by the SMTP client when it connects to a mail server).
- Create SPF hard fail (-all) and DMARC p=reject records for all unused or non-mail-capable domains and sub-domains.
Prevent receiving spoofed email:
- Check SPF results on incoming mail servers (hard fail to reject, or soft fail to treat as spam).
- Whitelist SMTP servers that are allowed to mail on behalf of their domain and block the rest.
- Check DKIM results on incoming mail servers (if the signature fails validation, the email will be rejected).
- Check DMARC results on incoming mail servers (use the p= policy rules published in DNS).
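The two checklists above have a publishing side (what records you put in DNS) and a receiving side (what an inbound mail server does with them). The following added example, which is not code from the original article or from SecGuru, covers both for the record types the lists name: it audits a domain's SPF and DMARC records for the weaknesses called out above (no hard fail, no p=reject, a missing record on an unused sub-domain) and evaluates SPF for a connecting IP. The DNS zone and A records are constructed in a dictionary rather than resolved; the evaluator is a simplified one that handles the ip4, ip6, a, include and all mechanisms only (no mx, ptr, exists, redirect or macros from RFC 7208), so a production receiver should use a full SPF library.

```python
"""Audit published SPF/DMARC records and evaluate SPF for an inbound connection.

Added example. ZONE and A_RECORDS are constructed stand-ins for DNS lookups;
a real checker resolves TXT and A records and enforces the 10-lookup limit.
"""
import ipaddress

# Constructed zone: name -> TXT records (assumption, not real DNS data)
ZONE = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailprovider.example -all"],
    "_spf.mailprovider.example": ["v=spf1 ip4:198.51.100.0/24 -all"],
    "mail.example.com": ["v=spf1 a -all"],            # SPF record for the HELO name
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    "unused.example.com": ["v=spf1 -all"],           # non-mail-capable sub-domain
    "_dmarc.unused.example.com": ["v=DMARC1; p=reject"],
    "weak.example.com": ["v=spf1 include:_spf.google.com ~all"],
    "_dmarc.weak.example.com": ["v=DMARC1; p=none"],
}
A_RECORDS = {"mail.example.com": ["192.0.2.25"]}   # constructed A record for the 'a' mechanism

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(name, zone=ZONE):
    return zone.get(name, [])


def spf_record(domain, zone=ZONE):
    """The domain's single SPF record; more than one is a permanent error."""
    records = [r for r in lookup_txt(domain, zone) if r.lower().startswith("v=spf1")]
    return records[0] if len(records) == 1 else None


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) terms."""
    terms = []
    for term in record.split()[1:]:
        if "=" in term:                 # modifiers (redirect=, exp=) are not handled here
            continue
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        terms.append((qualifier, mechanism.lower(), argument))
    return terms


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_domain(domain, zone=ZONE):
    """Report the record weaknesses the checklist warns about; empty list is good."""
    findings = []
    spf = spf_record(domain, zone)
    if spf is None:
        findings.append("no (or multiple) SPF record")
    else:
        terms = parse_spf(spf)
        all_qualifiers = [q for q, m, _ in terms if m == "all"]
        if not all_qualifiers or all_qualifiers[-1] != "-":
            findings.append("SPF does not end in hard fail (-all)")
        if any(m == "include" and "google.com" in a for _, m, a in terms):
            findings.append("SPF includes Google/Gmail senders")
    dmarc = lookup_txt("_dmarc." + domain, zone)
    tags = parse_dmarc(dmarc[0]) if dmarc else {}
    if tags.get("v") != "DMARC1":
        findings.append("no DMARC record")
    elif tags.get("p") != "reject":
        findings.append(f"DMARC policy is p={tags.get('p', '?')}, not reject")
    return findings


def check_spf(client_ip, domain, zone=ZONE, a_records=A_RECORDS, depth=0):
    """Evaluate SPF for the connecting IP: pass, fail, softfail, neutral or none."""
    if depth > 10:                      # crude stand-in for the lookup limit
        return "permerror"
    record = spf_record(domain, zone)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for qualifier, mechanism, argument in parse_spf(record):
        matched = False
        if mechanism in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(argument, strict=False)
        elif mechanism == "a":          # bare 'a' means the domain being checked
            matched = str(ip) in a_records.get(argument or domain, [])
        elif mechanism == "include":
            matched = check_spf(client_ip, argument, zone, a_records, depth + 1) == "pass"
        elif mechanism == "all":
            matched = True
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"


def receiver_action(spf_result):
    """Inbound handling from the checklist: hard fail rejects, soft fail is spam."""
    return {"fail": "reject", "softfail": "mark-as-spam"}.get(spf_result, "accept")
```

Running `audit_domain("weak.example.com")` flags all three problems from the list (a soft-fail `~all`, a Google include, and `p=none`), while `example.com` and the locked-down `unused.example.com` come back clean; `check_spf("203.0.113.4", "example.com")` returns `fail`, which `receiver_action` maps to a reject.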
We also recommend you keep Gmail out of your allowed sender list, because if the scammer is using Gmail to spoof you, you are pretty much allowing it as valid. We know you may love keeping it all within Google and your Gmail account, but your corporate email account may not be the best place for that.
If you still have questions, please contact us and we'll gladly assist you.