DKIM stands for DomainKeys Identified Mail, which is an email authentication method. This method is used to detect spoofed, or fake sender email addresses. It is also another way to link an email back to a domain. When using DKIM, a sender can attach DKIM signatures to an email (header that is added to the message and is secured with encryption), and once the recipient receives the email, they can verify that it is actually you who sent it. The biggest reason why DKIM is so important for your organization is because spoofing emails from trusted domains is a popular technique for phishing campaigns, and DKIM makes it harder to spoof emails from domains that use it.
SPF stands for Sender Policy Framework and is another great email authentication technology used in email delivery and email security. Like DKIM, this protocol is another way to link an email back to a domain. SPF gives the receiver of an email information on how legitimate the sender email is. When a recipient receives an email, their email provider verifies the SPF record by looking up the domain name listed in the “envelope from” address (which is the return address) in the DNS records. If the IP address of the sending email of the message is originally from a server that is not on your list, then the receiving server may flag the message as spam which will then fail the SPF authentication check.
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is a relatively new email authentication protocol that protects your domain from unauthorized use, also known as email spoofing. DMARC is very effective for organizations because it uses both DKIM and SPF records to validate the sender of an email. A DMARC record allows a sender to indicate that their messages are protected by SPF and/or DKIM and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
These three components will greatly help to protect against spoofed phishing emails. While the tips I’ve offered in this blog post are intended to help prevent fraudulent emails from arriving in the inboxes of your staff, it is equally important that your employees are continually trained and tested to recognize phishing emails that get past all filters.