Spam remains a problem, but is mostly transparent for anti-spam filters. The sender(s) and content are quickly put on the radar and appear on blacklists worldwide.
It becomes a more difficult and scary story when hackers approach people in a targeted way through impersonation. Is that mail from your CEO to make an urgent transfer‘ real? Can you trust the message from your CIO or the bank to re-register ‘ on this page’?
With the right mail server configuration:
- Do you prevent people from sending from your domain?
- Do you prevent customers or colleagues from receiving forged mails?
We secure your mail configuration on 3 levels:
SPF, Sender Policy Framework
With an SPF Record we record which IP addresses are authorized to send e-mails on behalf of your domain. This allows the recipient to verify that the received e-mail actually comes from the right server.
DKIM, DomainKeys Identified Mail
With DKIM an outgoing mail is signed with headers and a unique private key. Because this is configured at DNS level, the receiving mailserver can verify the digital signature. On the one hand you can guarantee the authenticity and avoid that your mails are marked as spam.
DMARC, Domain-based Message Authentication, Reporting and Conformance
DMARC can be viewed as automated procedures; what to do with incoming mails which may or may not comply with the SPF and/or DKIM meta values? For example: “If the DKIM signature and/or SPF is not correct, put the mail in quarantine.”
In this way, customers or colleagues can be prevented from receiving forged mails. These techniques can be applied to almost all (mail) domains. Microsoft also offers these configurations within Office 365.
Implementation
The implementation has little or no impact on the end user. The duration depends on the number of e-mail domains and the number of e-mail services used.
In preparation, we take a close look at the configuration of the current DNS records and set up a correct configuration. Next, we set up monitoring that allows us to map all the services that use the e-mail domain. This monitoring is free for Office 365 users and takes some time (+/- one month) to make sure that all e-mail services are known.
Then we validate all these services and set up the DKIM security. This allows us to authenticate the mail traffic extra. Attention, an on-premises Exchange Server needs Advanced Threat Protection or Fortimail to use DKIM.
Finally, we adjust the mailflows (DMARC) so that falsified email is automatically blocked. From then on, no more unauthorized services can send mail under your email domain.
Do you also want to protect your organisation from these forms of abuse? Of course, you can count on us for this too!
vat no.*
share this post:
