EMAIL SECURITY FUNDAMENTALS

INTRODUCTION

SPF, DKIM and DMARC are the foundation of email security and authentication. When used collectively they significantly reduce the likelihood of your domain being used by unauthorised parties such as spammers and cyber criminals. All too often we see businesses with these configured poorly, and yet, configured well, they can help stop your business or clients from being scammed, at no cost!

So let’s answer these questions:

What is SPF?

SPF, or Sender Policy Framework, is simply a list of servers that are allowed to send emails from your domain.

Think of an SPF record as a party guest list: only people on the list are allowed in, and everyone else is turned away. At least, this is true when the SPF record is set up following best practices. A poorly configured SPF record is just as bad as not having one.

When a receiving email server processes an email from your domain, it can check the published SPF record to ensure the email originated from an allowed location. If not, the email server can tag the email as suspicious and either block it or send it to the recipient’s junk or spam folder. Some receiving mail servers will treat the record as guidance rather than a strict instruction. This is why it’s important to use SPF along with DMARC and DKIM (we’ll get to those other two shortly).

Best Practices

  • Only one SPF record should be published on the domain. Multiple records can contradict one another and cause issues for mail servers checking the record.
  • Pay attention to the formatting of the record. Mistakes like double, leading, and trailing spaces, duplicated syntax, and incorrect positioning of the syntax can cause issues when email servers are processing the record.
  • Unless testing, set the record to Hard Fail (-). Using the Soft Fail (~), Pass (+) or Neutral (?) qualifiers arguably makes the record redundant.
  • Keep the number of allowed servers to a minimum. The more allowed servers, the greater the risk of an unauthorised email being allowed. Some mail systems will simply ignore the SPF record completely if the allowed list is too big.

An example of a good SPF record:

v=spf1 include:spf.protection.outlook.com include:spf.uk.exclaimer.net -all

In this example, only emails originating from within Microsoft 365 and Exclaimer are allowed. Receiving mail servers are instructed to Hard Fail (-) emails sent from anywhere else.
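The best practices above can be checked mechanically. The following linter is an added example, not part of the original guide; the names lint_spf, GOOD and BAD are hypothetical, the BAD records are constructed, and the lookup count relies on the RFC 7208 limit of 10 DNS-querying terms.

```python
import re

# Terms that each cost one DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
QUALIFIERS = {"-": "hard fail", "~": "soft fail", "+": "pass", "?": "neutral"}

# The guide's example record, and a constructed set of badly formed TXT records.
GOOD = ["v=spf1 include:spf.protection.outlook.com include:spf.uk.exclaimer.net -all"]
BAD = ["v=spf1 include:spf.protection.outlook.com  include:spf.protection.outlook.com ~all ",
       "v=spf1 mx -all"]


def lint_spf(txt_records):
    """Return a list of findings for the TXT records published on one domain."""
    findings = []
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        findings.append(f"expected exactly 1 SPF record, found {len(spf)}")
        if not spf:
            return findings
    record = spf[0]  # with several records published, lint the first one

    # Formatting: leading, trailing and double spaces.
    if record != record.strip():
        findings.append("leading or trailing whitespace")
    if "  " in record.strip():
        findings.append("double space between terms")

    terms = record.split()[1:]
    dupes = sorted({t for t in terms if terms.count(t) > 1})
    if dupes:
        findings.append("duplicated terms: " + ", ".join(dupes))

    # The 'all' mechanism decides what happens to senders not on the list.
    all_terms = [t for t in terms if re.fullmatch(r"[-~+?]?all", t, re.I)]
    if not all_terms:
        findings.append("no 'all' mechanism")
    else:
        if terms[-1] != all_terms[0]:
            findings.append("'all' is not last; mechanisms after it are never evaluated")
        q = all_terms[0][0] if all_terms[0][0] in QUALIFIERS else "+"
        if q != "-":
            findings.append(f"'all' is {QUALIFIERS[q]} ({q}), not hard fail (-)")

    # Top-level terms only; nested includes add further lookups when evaluated.
    names = [re.split(r"[:=/]", t.lstrip("-~+?"), maxsplit=1)[0].lower() for t in terms]
    lookups = sum(1 for n in names if n in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceeds the limit of 10")
    return findings


if __name__ == "__main__":
    for name, records in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_spf(records) or "no findings")
```

Feed it every TXT record returned for the domain, not just the one you expect, so that a second published SPF record is caught.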

What is DKIM?

DKIM, or DomainKeys Identified Mail, adds a digital signature to every email sent from your mail server, with a corresponding public key published on your domain.

Like how you would sign a letter or a contract, receiving mail servers can verify the signature using the public key to ensure the email has been sent legitimately and has not been compromised along the way.

For the most part, DKIM is either on or off. There is very little variation in the records, and implementation will depend on what email platform you are using.

Best Practices

  • Switched on

What is DMARC?

DMARC, or Domain-based Message Authentication, Reporting and Conformance, contains details on how receiving mail servers should process emails sent from your domain. DMARC records dictate how malicious emails are processed: whether allowed (not recommended), blocked, or processed into a quarantine or Junk folder.

Simply put, DMARC sets the actions that a receiving mail server should take in the event an email from your domain fails SPF or DKIM checks.

The DMARC record should also contain information on how receiving mail servers can report check statuses to domain admins. These are known as forensic and aggregate reports. These reports are invaluable to domain admins when it comes to monitoring the health of a mail system.

DMARC goes hand in hand with SPF and DKIM. Should your email fail SPF or DKIM checks, the receiving mail server will look for a DMARC record to understand how best to process the email. Similar to SPF, a poorly configured DMARC record can render it, and therefore SPF and DKIM, redundant.

Best Practices

  • Only one DMARC record should be published on the domain. Multiple records can contradict one another and cause issues for mail servers checking the record.
  • Pay attention to the formatting of the record. Mistakes like double, leading, or trailing spaces and duplicated syntax can cause issues when email servers are processing the record.
  • Unless testing, the DMARC policy should be set to either quarantine or reject failed emails depending on your requirements.
  • Unless testing, the percentage syntax should be set to 100. When less than 100%, failed emails can be allowed through.
  • The subdomain syntax should be used to reject or quarantine emails originating from a subdomain, unless your domain is legitimately sending from a subdomain.
  • The RUF and RUA syntaxes should be used to allow receiving mail servers to send periodic reports to the domain admin for monitoring.

An example of a good DMARC record:

v=DMARC1; p=quarantine; pct=100; sp=reject; ruf=mailto:postmaster@example.co.uk; rua=mailto:postmaster@example.com

In this example, 100% of emails that fail SPF or DKIM checks are quarantined. Emails originating from a subdomain are rejected and a destination for forensic and aggregate reports has been provided.
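The DMARC best practices can be checked the same way. This linter is an added example, not part of the original guide; lint_dmarc, parse_dmarc, GOOD_DMARC and WEAK_DMARC are hypothetical names, the weak record is constructed, and the check assumes the records passed in are the TXT records found at the domain's _dmarc name.

```python
# The guide's example record, and a constructed weak record.
GOOD_DMARC = ["v=DMARC1; p=quarantine; pct=100; sp=reject; "
              "ruf=mailto:postmaster@example.co.uk; rua=mailto:postmaster@example.com"]
WEAK_DMARC = ["v=DMARC1;  p=none; pct=50; rua=mailto:dmarc@example.com"]


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a list of (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        if part.strip():
            tag, _, value = part.partition("=")
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def lint_dmarc(txt_records):
    """Return a list of findings for the TXT records at _dmarc.<domain>."""
    findings = []
    dmarc = [r for r in txt_records if r.strip().startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"expected exactly 1 DMARC record, found {len(dmarc)}")
        if not dmarc:
            return findings
    record = dmarc[0]  # with several records published, lint the first one
    if record != record.strip() or "  " in record:
        findings.append("leading, trailing or double spaces")

    pairs = parse_dmarc(record)
    tags = [t for t, _ in pairs]
    dupes = sorted({t for t in tags if tags.count(t) > 1})
    if dupes:
        findings.append("duplicated tags: " + ", ".join(dupes))
    policy = dict(pairs)

    if policy.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append(f"p={policy.get('p', '<missing>')} does not quarantine or reject")
    if policy.get("pct", "100") != "100":  # pct defaults to 100 when absent
        findings.append(f"pct={policy['pct']}: some failed emails are let through")
    if "sp" not in policy:
        findings.append("no sp tag: subdomain policy is not stated explicitly")
    elif policy["sp"].lower() == "none":
        findings.append("sp=none takes no action on subdomain mail")
    for tag in ("rua", "ruf"):
        if not policy.get(tag, "").lower().startswith("mailto:"):
            findings.append(f"{tag} has no mailto: report address")
    return findings


if __name__ == "__main__":
    for name, records in (("GOOD", GOOD_DMARC), ("WEAK", WEAK_DMARC)):
        print(name, lint_dmarc(records) or "no findings")
```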

WHERE DO I CONFIGURE SPF, DKIM, OR DMARC?

All of these items are configured on your email domain hosting platform, though sometimes productivity suites such as Microsoft 365 or Google Workspace prompt you to set them up. Unfortunately they don’t always tell you the best practice, so it’s well worth having this guide open if you are going to do it yourself. Of course we’re available to give a helping hand too – just get in touch.

ADVANCED EMAIL SECURITY SOLUTIONS

Advanced email security solutions help prevent malware with multi-layered defences, including: 

  • Anti-evasion – Detect hidden malicious content. 
  • Threat intelligence – Stay ahead of emerging threats. 
  • Anti-phishing filters – Detect malicious URLs. 
  • Antivirus engines – Stop known malware.

Of course, given the sophistication of these solutions, they do come at a cost. We suggest that if your business often sends sensitive data or requests payment details, you should have a more advanced email security solution. Unsure if you need a solution?

SUMMARY

In summary then, when used together, SPF, DKIM and DMARC can greatly reduce the risk of your domain being used with malicious intent. But as the saying goes, a chain is only as strong as its weakest link. If any of the three mechanisms is missing or not configured correctly, it negates the effectiveness of the whole system.

If you’re thinking of implementing SPF, DKIM and DMARC, approach with caution. While these mechanisms are vital to protecting your domain, when used incorrectly, they can have the opposite effect of blocking legitimate emails, which can lead to your domain being blacklisted.

The best thing about these policies is that you don’t need a new solution and they are free to configure!

If you’re thinking of implementing SPF, DKIM and DMARC, or an advanced email solution, get in touch and we would be more than happy to help you through the process!
