Email security is an important topic, and for anyone interested in making their email more secure (or in knowing what goes into that), this article covers some key points.
Email on its own doesn’t let you verify who sent a message. Because of this, spam and phishing emails can use forged email headers to trick you about who is actually sending the email. Don’t fret though: you can use SPF, DKIM, and DMARC to authenticate an email’s sender.
Here’s a quick breakdown of the problem and the steps you can take to protect against it.
Most of the time, this is how it works:
- You write an email and send it. For example, Melanie writes an email to Martha. Melanie sends it from her own email address (email@example.com), and Martha sees that she’s received an email from that address.
Sometimes, email headers are forged:
- John Smith writes an email to Martha but makes it look like it is coming from Melanie. Martha sees an email from Melanie’s email address and opens it.
In slightly more technical terms, here are the key concepts involved in verifying a sending domain: domain reputation, SPF, and spoofing.
What are domain reputation, SPF, and spoofing?
- Domain Reputation - is made up of several things; essentially it’s a score that lets you know how trustworthy receiving mail servers consider your domain to be.
- Sender Policy Framework (SPF) - tells receivers whether an IP address is allowed to send email on behalf of your domain. Basically, an SPF record should list the email servers you actually send from. If any other servers appear there, make sure they really should be sending email on your behalf. This is a good thing to check if you’re getting bounce-backs when trying to use Wrike’s email integration.
- Spoofing - when someone sends an email and makes it look like it came from someone other than the actual sender (as in the example at the top of the post). This is also called header forgery.
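To make the spoofing example concrete from the receiving side, here is an added example (not code from the original post or from Wrike) that reads two constructed raw messages and checks whether the visible From: domain is backed by the SPF, DKIM and DMARC results the receiving server recorded in its Authentication-Results header (RFC 8601). The "legit" message lines up; the "spoofed" one passes SPF and DKIM only for the attacker’s own domain, which is exactly the mismatch header forgery relies on. The sample messages, domains and server names are constructed for illustration.

```python
"""Flag messages whose From: domain is not the domain that actually authenticated.

Added example, not from the original post. Both raw messages below are
constructed; the Authentication-Results header is the one a receiving mail
server adds after evaluating SPF, DKIM and DMARC (RFC 8601 format).
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a legitimate message where every identity lines up.
LEGIT = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Return-Path: <bounce@example.com>
From: Melanie <melanie@example.com>
To: martha@example.net
Subject: Project update

Hi Martha,
"""

# Constructed sample: header forgery. From: claims example.com, but the envelope
# sender and the passing DKIM signature belong to a different domain.
SPOOFED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=attacker.example; dkim=pass header.d=attacker.example; dmarc=fail header.from=example.com
Return-Path: <bounce@attacker.example>
From: Melanie <melanie@example.com>
To: martha@example.net
Subject: Urgent invoice

Hi Martha,
"""


def domain_of(value):
    """Lower-cased domain of an address or bare domain; '' if nothing is there."""
    _, addr = parseaddr(value or "")
    # rpartition on a bare domain ("example.com") returns the whole string.
    return (addr or value or "").rpartition("@")[2].strip().lower()


def parse_auth_results(value):
    """Parse an Authentication-Results value into {method: (result, properties)}."""
    results = {}
    # The first clause is the authserv-id; the rest are "method=result prop=value" groups.
    for clause in value.split(";")[1:]:
        tokens = clause.split()
        if not tokens:
            continue
        method, _, result = tokens[0].partition("=")
        props = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
        results[method.lower()] = (result.lower(), props)
    return results


def check_alignment(raw):
    """Return the findings a mail filter would want before trusting the From: line."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    envelope_domain = domain_of(msg["Return-Path"])
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    spf_result, spf_props = auth.get("spf", ("none", {}))
    dkim_result, dkim_props = auth.get("dkim", ("none", {}))
    dmarc_result, _ = auth.get("dmarc", ("none", {}))
    # SPF only vouches for From: when it passed for that same domain.
    spf_aligned = spf_result == "pass" and domain_of(spf_props.get("smtp.mailfrom", "")) == from_domain
    # Likewise DKIM: a passing signature must carry d= equal to the From: domain.
    dkim_aligned = dkim_result == "pass" and domain_of(dkim_props.get("header.d", "")) == from_domain
    return {
        "from_domain": from_domain,
        "envelope_matches_from": envelope_domain == from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc": dmarc_result,
        # Suspicious when neither authenticated identity is the domain the user sees.
        "suspicious": not (spf_aligned or dkim_aligned),
    }


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, check_alignment(raw))
```

The point the spoofed sample makes is that "spf=pass" and "dkim=pass" on their own prove nothing about the visible sender; it is the alignment between the authenticated domain and the From: domain (what DMARC enforces) that tells Martha whether the mail really came from Melanie.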
What affects domain reputation?
- The reputation of the sending IP address
- SPF/DKIM/DMARC policies
- Digital signing methods
- Spam activity from the domain
How to check your domain reputation
- Check your domain reputation using a free resource like Sender Score.
- Check your SPF record using a service like Kitterman. Keep an eye out for two SPF limits: a check may trigger at most 10 DNS lookups, and a single record string may be at most 255 symbols long (without spaces). If you need more, divide your DNS record into sections of 255 symbols each.
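The two limits above are the ones an SPF record most often trips over, so here is an added example (not from the original post or from Kitterman’s checker) that lints a record offline: it parses the terms, counts the mechanisms that cost a DNS lookup (include, a, mx, ptr, exists and the redirect modifier, capped at 10 by RFC 7208), flags weak settings such as "+all", and splits an over-long record into the 255-character strings a TXT record is published as. It does not follow include: chains or query DNS; the sample records are constructed.

```python
"""Offline lint for an SPF TXT record.

Added example, not from the original post. Counts DNS-querying terms against
the RFC 7208 limit of 10 and splits long records into 255-character strings.
Sample records are constructed; nothing is looked up in DNS.
"""

# Terms that require a DNS query and therefore count toward the limit of 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10
TXT_CHUNK = 255


def parse_spf(record):
    """Split an SPF record into (qualifier, name, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term and term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # Modifiers use '=' (redirect=, exp=); mechanisms use ':' (ip4:, include:).
        sep = "=" if "=" in term else ":"
        name, _, value = term.partition(sep)
        parsed.append((qualifier, name.lower(), value))
    return parsed


def count_lookups(record):
    """Number of DNS-querying terms in this record alone (includes are not followed)."""
    return sum(1 for _, name, _ in parse_spf(record) if name in LOOKUP_TERMS)


def lint_spf(record):
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    lookups = count_lookups(record)
    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} DNS-querying terms exceed the limit of {MAX_LOOKUPS}; receivers return permerror")
    if "ptr" in names:
        findings.append("ptr mechanism is slow and discouraged by RFC 7208")
    if "all" not in names and "redirect" not in names:
        findings.append("no 'all' term: unmatched senders default to neutral")
    if any(name == "all" and qualifier == "+" for qualifier, name, _ in terms):
        findings.append("'+all' lets any server send for the domain")
    if len(record) > TXT_CHUNK:
        findings.append(f"record is {len(record)} characters; publish it as multiple {TXT_CHUNK}-character strings")
    return findings


def split_txt(record, size=TXT_CHUNK):
    """Split a long record into the strings a single TXT record concatenates."""
    return [record[i:i + size] for i in range(0, len(record), size)]


# Constructed sample records.
GOOD = "v=spf1 ip4:203.0.113.0/24 include:_spf.mail.example -all"
TOO_MANY = "v=spf1 " + " ".join(f"include:spf{i}.example" for i in range(11)) + " ~all"
OPEN = "v=spf1 mx ptr +all"

if __name__ == "__main__":
    for rec in (GOOD, TOO_MANY, OPEN):
        print(f"{rec[:50]:50} lookups={count_lookups(rec)} {lint_spf(rec)}")
```

Because includes are not followed, the lookup count here is a lower bound; the real total is the sum over every included record, which is why a record with only three include: terms can still exceed 10.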
Increase Security by Using DKIM Signing
A DomainKeys Identified Mail (DKIM) signature tells the email’s recipient that the message was sent by a domain authorized to send it; in other words, that the email is from the sender it should be from.
There’s a lot going on here, so let us know in the comments if you have any questions!