How to prevent email spoofing with dns settings
Lately, we've seen an increase in email spoofing. In this post you'll learn how to prevent email spoofing with dns settings. Spoofing is when someone sends an email with your address, which, sadly, isn't very difficult to do. Luckily, securing your email is less complicated. First I'll cover some of the technical terms, with some general instructions, followed by some useful websites with more information.
Over the years there have been several attempts to combat email spoofing, and one of the first was DKIM. DKIM (DomainKeys Identified Mail) uses a public and private key to verify the sender of the email is allowed to send from that domain. Your email service must offer this feature before you can use it, and most do. A DNS TXT record is also required, and your email service usually dictates the values.
SPF (Sender Policy Framework) sounds complicated, but it isn't. It requires you to create a DNS TXT record that follows a specific format. In this TXT record, you need to specify which servers are allowed to send email for your domain, and what to do if an email doesn't come from one of those servers. If an email comes from someone at Bulldog, it must come from one of Google's servers, or it gets rejected.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) can use DKIM and SPF to help secure your email. DMARC specifies if you are using DKIM and or SPF. You also specify what happens if one of these fails. You can have the email go to quarantine, or reject the message. The best feature of DMARC is reporting. You can instruct mail servers how to notify you if they receive an email that fails. You enable DMARC by adding a TXT record to your DNS server for your domain.
Email has certainly changed since my days of using Juno to send email to friends. It's now a vital tool for the operation of most companies. Securing your email is something that every business should do. If this is something you need assistance with, don't hesitate to give us a call, we would love to help.