Email is a critical part of your business. You use it to communicate with customers, suppliers and partners on a daily basis for your company to function and to stay profitable. At one time all you required was a mail server at your office, setup a few MX Records and PTR DNS records and your off to the races.
Now you require spam filters, SSL certificates along with other technologies such as SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-Based Message Authentication). Domain spoofing is a common form of phishing. It occurs when an attacker appears to use a company’s domain to impersonate a company or one of its employees such as sending invoices that appear to come from your domain.
Clustered Networks can perform a security check on your domain or domains, so that your email will flow properly and get to the proper recipients so that you can conduct your business successfully.
Give us a call and talk to an expert who has more than 20 years experience specializing in email services.
Below are some of the security technologies we can assist you with.
If DNS is the phone book of the Internet, DNSSEC is the Internet’s unspoofable caller ID. It guarantees a web application’s traffic is safely routed to the correct servers so that a site’s visitors are not intercepted by a hidden “man-in-the-middle” attacker. These attacks usually go unnoticed by sites’ visitors, increasing the risk of phishing, malware infections, and personal data leakage.
Phishing involves sending fake emails by impersonating a sender. SPF helps weed out abusive emails and detect forgery. It allows recipients to verify sender identity (at the organizational level) by allowing domain owners to publish, via DNS, the IP addresses that are authorized to send emails from the specified domains. SPF also allows domain owners to specify email sending policies—such as what recipients should do with an email that fails an SPF check. SPF requires domain owners to make this information available in an SPF .TXT record in their domain name server (DNS). When the recipient’s email server gets the message, it checks the authenticity of the sender’s address to see if it matches the published list of IP address in the domain owner’s SPF records. If this does not check out properly, the email message can be construed as forged. Not all email servers support SPF. However, this important layer of protection.
DKIM takes email sender identification a step further by associating a domain name and owner to the content of the email message, allowing the organization to vouch for the content of the message. This is accomplished by cryptographic signing of the content. Therefore, if you want to send a DKIM- signed message, your email administrator can implement a DKIM signing agent, such as the McAfee Email Protection solutions. Once available, the signing agent generates a cryptographic key pair— one private, one public. The private key is used by the signing agent to sign messages coming from your organization. The public key is made available to recipients via special DKIM-specific DNS .TXT records. The receiving organization can then use the public key to verify the signature, thus giving them a firm determinant as to whether or not the message content is vouched for by the sending domain’s owner. The signature verification also facilitates the receiving organization’s ability to make sure that no one altered the signed portions of the message while it was on its path to the recipient. It is important to note that DKIM by itself isn’t a good way to determine whether messages are spam, but it can be a reliable method of verifying a sender. As DKIM.org suggests, “Receivers who successfully validate a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behavior, although the DKIM specification itself does not prescribe any specific actions by the recipient.”
The reason DKIM alone is not a good basis for spam detection is that it’s easy for spammers to set up and use DKIM just like anyone else. A better, more robust choice is deployment of an email security solution with options that allow you to deliver, tag, or deny a subject in certain situations: “when a DKIM signature is present but not valid,” when “no DKIM signature is present,” or when “a valid DKIM signature is present.” And even better is a solution that includes message reputation services that identify email messages carrying malicious payloads—even if the sources appears to be reputable, such as whitelisted companies.
DMARC improves on SPF and DKIM by giving sending organizations a stronger means of communi cating the confidence of their SPF and DKIM implementations and by providing a framework for receiving organizations to provide feedback to sending organizations, including detailed information on who is attempting to spoof sender domains.
DMARC leverages SPF and DKIM, but unlike these two authentication methods, DMARC enables domain owners to publish policies that can be considered by recipients when handling SPF and DKIM failures. Policy actions can include: do nothing at all, quarantine, or reject the spoofed email. These types of policies significantly reduce user exposure to fraudulent and potentially malicious email. Most importantly, with DMARC, email receivers can report back to senders critical data about the messages that pass or fail DMARC authentication, so that senders can take the appropriate steps to improve their sending posture. For example, using DMARC feedback, an organization may determine that there are valid IP ranges that are not included in their SPF records, allowing them to update the records and increase the accuracy of their DMARC posture.
Just because you have implemented some or all of these email sender identity technologies doesn’t mean you are covered. It’s important to thoroughly understand the limitations and best practices to solve the problem you are grappling with. Ultimately, every company is a sender and a receiver. It’s in everyone’s best interest to keep raising the bar on email security by properly and diligently implementing email sender identity technologies to cover all the bases and prevent phishing or spear‐phishing campaigns from opening the door to malicious threats that could compromise sensitive data and business operations. Technologies that offer protection both at the time a message is scanned at the gateway and when the message is clicked on by the user are also key components for a layered protection strategy. Core technologies like global threat intelligence that provide message reputation, file reputation, and sender reputation offer additional protection against known and emerging malware‐based threats.
Located in Edmonton, AB Canada, Clustered Networks was Incorporated in 2001 and has offered Network / Internet and IT Consulting services for over 20 years. We offer personalized service!