Have you ever had trouble getting your legitimate email received by a customer? What about not getting a client’s email that you know they sent, and when you search, you find it in your spam folder?
These types of email problems are prevalent and they drag down productivity as well as cause a host of other potential costly issues.
Bounced emails is just one problem that can happen if you don’t use email authentication, which tells an email server that a message was sent from an authorized party.
Email authentication has become important as an anti-phishing tool due to the rise in email spoofing. This is when a hacker uses a legitimate company’s email address in the “From” line of a phishing email containing malware or dangerous links that’s sent from a completely different server.
Email spoofing is used to fool a user into believing the email is legitimate because they may recognize and trust the domain they see when looking at the From line of a message.
This tactic has become so dangerous that it’s caused Microsoft to recently increase email spoofing protection on their mail servers.
Why Do Email Spoofing Protections Cause Bounced Email?
The increase in email spoofing safeguards caused a domino effect that resulted in legitimate emails getting bounced or sent to junk mail folders if the company sending them did not set up email authentication.
Here’s why:
- Emails that are spoofed are actually being sent from a different domain IP address than the one being used in the From line.
- Email spoofing protections look for mismatches between the server IP address approved to send mail for the domain address in the From line and the server IP address that actually sent the mail.
- If those two don’t match, the message can be flagged, and either bounced or sent to a quarantine or junk mail folder.
- Companies that use services like Salesforce or MailChimp to send email, but do not set up email authentication telling a mail server those IP’s are legitimate as well as their own, can have those messages treated like email spoofing.
Email spoofing goes hand in hand with email spam protection and it’s vital in today’s threat environment.
What is SPF, DKIM, and DMARC?
To ensure your legitimate emails aren’t blocked by email spoofing filters and to also detect email spoofing in phishing attacks on your network, it’s important to put three email protocols in place on your mail server.
These three systems all work together to tell receiving mail servers whether or not mail sent from your company’s domain is legitimate and can help block incoming email that spoofs your address to employees.
Attacks using email spoofing have risen 4x in just a year, making it a major issue for both cybersecurity and email delivery.
The three protocols used each add a different layer of authentication.
Sender Framework Policy (SPF)
SPF is the first level in email authentication. It checks whether a mail server’s IP address is authorized to send mail for a domain (@company.com).
It will check the IP address from the sending mail server against the authorized IP addresses attached to the domain, if they match, the email is seen as legitimate, if they don’t, it’s flagged as potential email spoofing.
Domain Keys Identified Mail (DKIM)
DKIM further validates a message by using two keys that look at a message header and the sender of the message. One key remains on the mail server and the other is sent with a mail message.
This protocol validates that a message was sent from the domain it says it was sent from and that nothing in the header was changed during transit.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC connects with SPF and DKIM and tells the receiving mail server what to do with a message. It’s the “instructions” part of the three protocols.
DMARC will check to see if SPF and DKIM have passed or failed and then give instructions to the receiving mail server what to do with the message. Such as, to reject the message or send the message to a quarantine folder if it fails one or both of those protocols.
Additionally, using DMARC you can get information back about any messages using your domain that have either passed or failed authentication, which can give you an important heads up about any potential spoofing. This can also alert you if you’ve forgotten to add a cloud service you use to send email on your behalf (like a CRM) as an authorized address, helping you solve bounced email problems for legitimate mail.
Improve Email Security & Deliverability with Solutions from Rocky Knoll Technologies
Email continues to be the main way that organizations communicate with their customers. We can help you make sure you have protections in place that will keep you safe from spam and phishing as well as ensure your legitimate mail gets delivered.
Contact us today to schedule a consultation. Call 704.594.7292 or reach us online.
