The secure configuration of email domains has recently become an important topic for customers because email continues to be a primary attack vector for malicious actors and pressure and scrutiny is going up from industry regulations, auditors, and cyber insurance carriers.

There are multiple aspects for how to secure your email domain and it can be overwhelming to try and understand what they all do and how they work together. Let’s take a look:

Sender Policy Framework (SPF) hardens your DNS servers and restricts who can send email from your domain.  In a nutshell, this keeps other bad actors from spoofing your mail domain and sending email “as you.”

DomainKeys Identification Mail (DKIM) ensures that the contents of your email messages remain trusted and haven’t been tampered with or compromised.

Domain-based Message Authentication, Reporting, and Conformance (DMARC) ties SPF and DKIM together with a consistent set of policies around enforcement.

The first step in securing your company’s email is to make sure that your email domain is configured to properly honor sending domain’s SPF, DKIM, and DMARC policies, which requires minimal work.  With this configuration, you are telling your email system to read the DMARC policy for any domain that sends you email and follow its rules.

In summary:

• Configuring your company’s email system to honor DMARC policy is a good first step to protect your organization’s users from potentially spoofed messages
• Fully configuring SPF, DKIM, and DMARC puts the framework in place to protect your end customers from receiving email that looks like it is being spoofed from your domain

If you want to properly configure SPF, DKIM, and DMARC for your own mail domain, it will require making changes to your public DNS and MX records as well as to the configuration of your email system.

If you have any questions or would like to discuss the best way to secure your email domain using SPF, DKIM, and DMARC please reach out to CMA Technology Solutions today.