AN UPDATE FROM . . .
NETWORK SERVICES
Using SPF, DKIM, and DMARC to secure Email

Spam, spoofing, phishing, and other email abuse have been a problem on the Internet for a long time. As the number of people and devices has increased over the years, so has the email abuse. The big email hosting services like Google, Microsoft, Yahoo, and AOL have their in-house tools and algorithms to determine whether an email is spam or not. They have their own internal blacklists of potential spammers, and this works for the most part, although they do flag valid email as spam on occasion.

In the last 4 or 5 years, entities like large corporations, small businesses, universities, and schools have implemented some tools that help secure their email. They are SPF, DKIM, and DMARC, and each is implemented as a DNS text record.

SPF (Sender Policy Framework) is a list of email server IP addresses and third-party domains that are authorized to send email for your domain. The fact that the owner of the domain manages this list helps verify the authenticity of the email. SPF is the most commonly used of the three tools and is required by most email providers if you want to send email to their hosted accounts.
By Jeff Opincar, Network and Systems Analyst, Connect Network Services
DKIM (DomainKeys Identified Mail) verifies the authenticity of an email message using public and private keys. The DNS text record contains the public key, so when your organization sends an email signed with the private key, the receiving email server verifies it using the public key. This guarantees that the message wasn't hijacked or tampered with during delivery and is trustworthy.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is another tool to help prevent spam, spoofing, and phishing. It allows a domain administrator to create a policy that determines what a remote email server will do if an email doesn't pass the SPF and DKIM checks. It can reject or quarantine (which sends the message into the junk folder of the receiver), or it can monitor and then send a report to the email or domain administrator. DMARC is designed to minimize false positives and reduce spam and phishing delivery via a policy.

The battle with email abuse will go on for a long time, but these tools can help minimize the number of bad email messages that are traversing the Internet. This not only helps your organization, but the Internet community as a whole. SPF text records are pretty much a requirement now, but DKIM and DMARC are worth a look to further secure your email.
INFORM is the digital magazine of Connect