Phishing scams cost American businesses half a billion dollars a year. No business is immune from Business Email Compromise and attempts by criminal groups to compromise legitimate business e-mail accounts, it seems. There have been victims in all 50 states, and for the most part no one segment is targeted more frequently than another.
Email authentication is one way to help prevent these phishing attacks, by providing a way to verify that an email comes from who it claims to be from. In practice, this refers to technical standards that make this verification possible. The most commonly used email authentication standards are SPF, DKIM, and DMARC. These standards were designed to supplement SMTP, the basic protocol used to send email, because SMTP does not itself include any authentication mechanisms.
Sender Policy Framework, or SPF, is an open standard that specifies a method for preventing sender address forgery. It helps to control and even stop attempted sender forgeries. SPF allows senders to define which IP addresses are allowed to send mail for a particular domain. Recipients can then check that list of IP addresses to verify it's from one of those which are authorized.
DKIM, or DomainKeys Identified Mail, is a TXT record published in your Domain Name System (DNS). It involves something that all IT admins should learn to love: keys—public keys to be specific. DKIM provides an encryption key and digital signature that verifies that an email message was not faked or altered.
With DKIM, public and private key pairs are generated to keep mail servers and communications authenticated. Each outgoing Simple Mail Transfer Protocol (SMTP) server needs the right private key and prefix in order to match a public DNS record that the receiving mail server then verifies.
Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication,” according to dkim.org. In other words, DKIM uses keys to make sure an email sender is who they say they are.
DMARC unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test.
DMARC enables the message sender to indicate that their messages are protected with SPF and/or DKIM. A DMARC policy applies clear instructions for the message receiver to follow if an email does not pass SPF or DKIM authentication—for instance, reject or junk it.
Guardian Digital goes beyond standard measures to protect our customers. We've implemented not just pre-defined rules and secure email policies, but also the latest email security protocols including SPF, DKIM, and DMARC to track the reputation of the sender.
- Sender-recipient relationship
- Intelligent language filters
- Domain reputation & age
- Email headers and envelope attributes
- Email content