Monday, May 30, 2016

No more forged emails! - SPF and DKIM

Secure email is vital to any organization. If you have ever received an email that appeared to come from an employee or a company you do business with but was actually from a malicious or unknown source, then you've seen firsthand how easy it is to forge emails. Our previous blog post covered how users can prevent important email from landing in their spam folder. This post covers a common question we get from our customer base: why does sent email end up in the recipient's spam folder, or not get delivered at all?


Every recipient is unique and has different spam filtering settings for incoming messages. Typically, recipient servers don't tell the sender of an email how their spam filtering works, because that information would also help actual spammers get around the filters. This is where SPF and DKIM authentication come into play. Authentication legitimizes the source of the email to prove it isn't forged and is a thorough way of ensuring your email is delivered to the person you are sending to.

A Sender Policy Framework (SPF) record is a type of DNS (Domain Name System) record that identifies which mail servers are permitted to send email on behalf of your domain. SPF records are used to prevent spammers from sending email on your behalf. It essentially asks, "Is this email coming from an authorized mail server?" If it isn't, the email is likely to be spam.

DomainKeys Identified Mail (DKIM) adds a digital signature to emails your organization sends. Recipient servers check the signature against the public key published in your domain's DKIM DNS record; if it matches, the email hasn't been tampered with and is from a legitimate sender. Fundamentally, the DKIM check verifies that the message is signed and associated with the correct domain.

Having both SPF and DKIM records in place can greatly reduce the potential of spam email appearing to be sent from your domain and also improves email deliverability. An easy way to check if your domain's SPF and DKIM records are in compliance with Google's recommendation is by going here: https://toolbox.googleapps.com/apps/checkmx/check.

The interlockit.com SPF record declares that Google Apps, Freshbooks, Sendgrid, and MailChimp are all authorized to send email on behalf of our domain.
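
A record of that shape (several third-party senders authorized through `include:` terms) can be audited offline before it is published. The Python sketch below is an added example, not part of the original post or any InterlockIT tooling; the sample record and its `.example` include domains are constructed for illustration and are not the actual interlockit.com record.

```python
import re

# Terms that each cost one DNS lookup during SPF evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10
TERM_RE = re.compile(r"^([+\-~?]?)([a-z][a-z0-9]*)(?:[:=/](.*))?$", re.I)

def audit_spf(record):
    """Parse one SPF TXT record; return its includes, 'all' qualifier and findings."""
    out = {"includes": [], "all": None, "lookups": 0, "findings": []}
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        out["findings"].append("not an SPF record (must start with v=spf1)")
        return out
    has_redirect = False
    for term in terms[1:]:
        m = TERM_RE.match(term)
        if not m:
            out["findings"].append(f"unparseable term: {term}")
            continue
        # A mechanism with no qualifier defaults to "+" (pass).
        qualifier, name, value = m.group(1) or "+", m.group(2).lower(), m.group(3)
        if name in LOOKUP_TERMS:
            out["lookups"] += 1
        if name == "include" and value:
            out["includes"].append(value)
        elif name == "redirect":
            has_redirect = True
        elif name == "ptr":
            out["findings"].append("ptr is discouraged by RFC 7208")
        elif name == "all":
            out["all"] = qualifier
    if out["all"] is None and not has_redirect:
        out["findings"].append("no 'all' term: unlisted senders get a neutral result")
    elif out["all"] == "+":
        out["findings"].append("+all authorizes every server to send as this domain")
    elif out["all"] == "?":
        out["findings"].append("?all is neutral: unlisted senders are not flagged")
    # Top-level count only; lookups inside each include also count toward the limit.
    if out["lookups"] > MAX_LOOKUPS:
        out["findings"].append("more than 10 DNS lookups: receivers return permerror")
    return out

# Constructed record for a hypothetical domain with four authorized senders.
SAMPLE = ("v=spf1 include:_spf.google.com include:spf.billing.example "
          "include:spf.bulkmail.example include:spf.newsletter.example ~all")

if __name__ == "__main__":
    report = audit_spf(SAMPLE)
    print(report["includes"], report["all"], report["findings"])
```

An empty findings list means only that the record is well-formed at the top level; the nested lookups inside each `include:` still have to be counted against the limit of 10.
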

Our team at InterlockIT has helped many hundreds of companies and organizations update and correct their DNS records, resulting in very happy customers. Be sure to contact us today to prevent email forgery for good!