There are many ways to secure your organization’s email. In this article, we’ll discuss three free technologies that help to protect the integrity of your email – that is, ensuring that your email server can’t be easily spoofed and that your email hasn’t been altered in transit.
The three technologies we’ll discuss are:
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting & Conformance (DMARC)
SPF is a simple record you can add to your DNS server that specifies which mail servers are allowed to send email for your domain. This helps to ensure that someone cannot create an email server and send as your domain unless you have authorized them to do so in your DNS records.
DKIM ensures that emails sent to and from your mail server haven’t been altered in transit. This prevents man-in-the-middle style attacks on your email. DKIM is configured through your mail provider, and is usually free as well.
DMARC ties SPF and DKIM together with another simple DNS record that provides a policy for how SPF and DKIM operate. DMARC also specifies an email address where delivery and forensic reports can be sent for analysis.
Email-based attacks remain one of the biggest areas of cybersecurity risk for most organizations. While these enhancements to your email will not protect you 100%, they are a tremendous step forward in your email security, and they are free and usually easy to implement.