
SPF, DKIM and DMARC. Bodyguards for your E-mail reputation.

Attacks to steal sensitive data via e-mail are commonplace: e-mail is involved in more than 90% of all network attacks. So ensure adequate protection and prevent your domains from being used for attacks.

Spam remains a problem, but anti-spam filters mostly see through it. The sender(s) and content are quickly put on the radar and appear on blacklists worldwide.

It becomes a more difficult and scary story when hackers approach people in a targeted way through impersonation. Is that mail from your CEO to 'make an urgent transfer' real? Can you trust the message from your CIO or the bank to 're-register on this page'?

With the right mail server configuration:

  1. You prevent others from sending mail from your domain.
  2. You prevent customers or colleagues from receiving forged mails.

We secure your mail configuration on 3 levels:

SPF, Sender Policy Framework

With an SPF record we specify which IP addresses are authorized to send e-mails on behalf of your domain. This allows the recipient to verify that the received e-mail actually comes from the right server.

DKIM, DomainKeys Identified Mail

With DKIM, an outgoing mail is signed with a unique private key and the signature is added to the mail headers. Because the matching public key is published at DNS level, the receiving mail server can verify the digital signature. This way you can guarantee the authenticity of your mails and avoid them being marked as spam.

DMARC, Domain-based Message Authentication, Reporting and Conformance

DMARC can be viewed as a set of automated procedures: what should be done with incoming mails that do or do not pass the SPF and/or DKIM checks? For example: “If the DKIM signature and/or SPF is not correct, put the mail in quarantine.”

In this way, customers or colleagues can be prevented from receiving forged mails. These techniques can be applied to almost all (mail) domains. Microsoft also offers these configurations within Office 365.

Also prevent phishing & risky behaviour
You invest in firewalls, antivirus and advanced security infrastructure ... but people are often forgotten in the protection model, while 40% of your employees tend to click on phishing emails!

Implementation

The implementation has little or no impact on the end user. The duration depends on the number of e-mail domains and the number of e-mail services used.

In preparation, we take a close look at the configuration of the current DNS records and set up a correct configuration. Next, we set up monitoring that allows us to map all the services that use the e-mail domain. This monitoring is free for Office 365 users and takes some time (+/- one month) to make sure that all e-mail services are known.

Then we validate all these services and set up the DKIM security. This adds an extra layer of authentication to the mail traffic. Note: an on-premises Exchange Server needs Advanced Threat Protection or FortiMail to use DKIM.

Finally, we adjust the mail flows (DMARC) so that falsified email is automatically blocked. From then on, no more unauthorized services can send mail under your email domain.
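
The DNS record review and the staged DMARC rollout described above can be checked with a small script. This Python example is added here for illustration and is not code from the original page or from the provider; it audits SPF and DMARC TXT record strings offline. The function names, the finding texts and the example.com records are assumptions made for the example.

```python
import re

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record (DMARC syntax) into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(record):
    """Findings for one SPF record. Nested includes are not resolved (offline)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings = []
    # Terms that cost the receiver a DNS query; evaluation errors out above 10.
    costly = r"[+\-~?]?(include:|exists:|redirect=|(a|mx|ptr)\b)"
    lookups = [t for t in terms[1:] if re.match(costly, t)]
    if len(lookups) > 10:
        findings.append(f"{len(lookups)} DNS-lookup terms: over the limit of 10")
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if not any(t.startswith("redirect=") for t in terms):
            findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_terms[0][0] in "+a?":  # bare 'all' defaults to '+all'
        findings.append(f"'{all_terms[0]}' never fails unlisted senders")
    return findings

def audit_dmarc(record):
    """Findings for the TXT record published at _dmarc.<domain>."""
    if not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", record):
        return ["not a DMARC record: must start with v=DMARC1"]
    tags, findings = parse_tags(record), []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= policy")
    elif policy == "none":
        findings.append("p=none: monitoring only, no quarantine or reject requested")
    elif tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports showing who sends as the domain")
    return findings

if __name__ == "__main__":
    # Constructed records for the placeholder domain example.com.
    print(audit_spf("v=spf1 ip4:192.0.2.10 include:spf.protection.outlook.com ?all"))
    print(audit_dmarc("v=DMARC1; p=none"))  # before monitoring is set up
    print(audit_dmarc("v=DMARC1; p=none; rua=mailto:dmarc@example.com"))  # monitoring
    print(audit_dmarc("v=DMARC1; p=reject; rua=mailto:dmarc@example.com"))  # enforced
```

An empty list means the record raised none of the checked findings; the monitoring-phase record still reports `p=none` until the policy is moved to quarantine or reject.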

Do you also want to protect your organisation from these forms of abuse? Of course, you can count on us for this too!
