Spoofing is a common challenge that organizations face in today’s world. Spoofing can lead to increased spam and more intensified phishing campaigns leading into malware and crypto-ransomware attacks. To reduce spoofing and provide a safer client experience, multiple technologies are available to reduce and prevent spoofing.
Office 365 already supports inbound validation of DomainKeys Identified Mail (DKIM) and Domain-based Messaging and Reporting Compliance (DMARC) mail. Both technologies check for trusted authenticated senders and help identify untrusted ones that that fail authentication. Sender Policy Framework (SPF) is a companion technology that helps prevent spoofing. SPF identifies which mail servers are allowed to send mail on your behalf. Basically, SPF, along with DKIM and DMARC, provide the best technological options to prevent email spoofing and phishing.
As a top Microsoft Office 365 partner in the United States, we have been able to help our clients use this technology to overcome this growing email challenge. It’s not uncommon to see the exact same issue in several organizations that reach out to us for help. Let’s breakdown these technologies that can help you protect your organization too.
Tools to Reduce and Prevent Email Spoofing and Phishing
- Sender Policy Framework (SPF)
SPF permits organizations to specify which mail servers are permitted to send on their behalf. Every customer on Office 365 has added an SPF record as it is a required record to utilize the service.
- DomainKeys Identified Mail (DKIM)
DKIM allows the organization owning the signing domain to claim some responsibility for a message by associating the domain with the message. Organizations that have enabled DKIM will allow senders to insert a digital signature into the message, which in turn is verified by the receiving party. DKIM allows senders to build domain reputation, which is important to ensure email delivery and provides senders a non-spoofable way to identify themselves. It is a critical component of email protection. Office 365 already performs DKIM checks on inbound email.
- Domain-based Messaging and Reporting Compliance (DMARC)
DMARC, by its design, prevents email spoofing and helps stop phishing. Specifically, it protects the case where a phisher has spoofed the 5322.From email address, which is the email address displayed in mail clients like Outlook. Whereas the Sender Policy Framework (SPF) catches the case where the phisher spoofs the 5321.MailFrom, which is where bounce messages are directed, DMARC catches the case that is more deceptive. DMARC protects users by evaluating both SPF and DKIM and then determines if either domain matches the domain in the 5322.From address.
I know all these acronyms can get confusing. There might still be a swirl of questions circling in your mind. What does it mean? How does it work? Why should I care? At Sikich, we like to make life easier, so we’ve laid it all out for you in the summary below.
|What does it stands for?||Sender Policy Framework||DomainKeys Identified Mail||Domain-based Message Authentication, Reporting and Conformance|
|What is it?||A system to declare and verify who can send e-mails from a given domain.||An e-mail authentication system based on asymmetric cryptographic keys.||An e-mail authentication system that helps determining what to do when messages fail SPF or DKIM checks.|
|How does it work?||The receiving host checks if the sending host is allowed to send e-mails from the sender domain.||The sending host signs email body and/or headers with its private key. The receiving host verifies the signature, identifying if the fields are intact.||The receiving hosts applies the DKIM and SPF checks. Then it validates the results against the published DMARC policy and decides what to do: Block, quarantine, deliver, report to sender.|
|Why is it important?||It helps preventing spoofing and can prevent damage to your brand.||Greatly reduces the chances that your messages are treated as spam by digital signature.||Helps receiving organization decide what to do with e-mails that fails checks and create a feedback loop to allow course correction.|