There's no doubt that in the last two decades email has become the backbone and primary source of business communication. Businesses rely heavily on emails to communicate internally with their own staff as well as externally with clients and partners. Gmail alone has well over one billion monthly active users. Such heavy email dependency requires immense reliability and security. Unfortunately, we find many businesses are unaware that their backend mail settings are not configured for optimum reliability and security.
When it comes to securing Gmail admin settings, it's crucial to have the correct DNS (Domain Name Settings) configured to prevent domain spoofing. What's domain spoofing? In simple terms, it's the unauthorized use of a third-party domain name, primarily in an email message, in order to pretend to be someone else. SPF, DKIM, and DMARC are all security standards followed in G Suite applications to keep your domain safe. SPF (Sender Policy Framework) records allow the user to easily identify spam messages for their domain. DKIM (Domainkeys Identified Mail) attaches a new domain name identifier and encrypts the message to validate authorization for the message, and DMARC (Domain-based Message Authentication, Reporting & Conformance) allows the user to instruct how Gmail handles unauthenticated emails coming from within the domain. These may all sound complicated but are quite necessary to keep your users and domain safe. Use the Google Toolbox MX checker to see if your domain is configured correctly. If there are issues you will see the following prompt when you run the check:
If this is what you see when you check your domain, contact us! We highly recommend using an expert to configure these security protocols as we've seen customers claim their IT staff has already set these up, only to find out later that it was configured incorrectly. This cost of properly setting these protocols up is negligible in comparison to the potential damage they prevent.
In our several years of experience, we've seen users simply don't realize the importance of having the proper DNS records set up, simply because it was not given importance or because it was too complicated for their IT staff to configure correctly. To help our cloud friends enjoy a safe and secure domain, InterlockIT will clean up your DNS records for FREE in exchange of transferring your G Suite subscription to us as your reseller (some conditions apply). It's a win win since you get free assistance to protect your domain as well as all the benefits of having a Google Cloud Partner. Contact us today and lets secure your domain!
Interlock IT Inc. - moving businesses to the cloud since 2009
Showing posts with label Authentication. Show all posts
Showing posts with label Authentication. Show all posts
Friday, June 23, 2017
Monday, May 30, 2016
No more forged emails! - SPF and DKIM
Secure email is vital to any organization. If you have ever received email from your employee or a company you do business with, but it's actually really from a malicious/unknown source, then you've seen first hand how easy it is to forge emails. Our previous blog post covered how users can prevent important email from landing in their spam folder. This post covers a common question we get from our customer base; why does sent email end up in the recipient's spam folder or isn't delivered at all?
Every recipient is unique and has different spam filtering settings for messages being received. Typically, recipient servers don't provide information about spam filtering to the sender of an email simply because it makes the recipient vulnerable by giving too much information to actual spammers who could then potentially get around the filters. This is where SPF and DKIM authentication come into play. Authentication legitimizes the source of the email to prove it isn't forged and is a thorough way of ensuring your email is delivered to the person you are sending to.
A sender policy framework (SPF) record is a type of DNS (domain name server) record that identifies which mail servers are permitted to send email on behalf of your domain. SPF records are used to prevent spammers from sending email on your behalf. It essentially asks, "is this email coming from an authorized mail server?" If it isn't, the email is likely to be spam.
A DomainKeys identified mail (DKIM) record simply adds a digital signature to emails your organization sends. The email recipient servers check if the signatures match and if so, the email hasn't been tampered with and is from a legitimate sender. Fundamentally, the DKIM check verifies that the message is signed and associated with the correct domain.
Having both SPF and DKIM records in place can greatly reduce the potential of spam email appearing to be sent from your domain and also improves email deliverability. An easy way to check if your domain's SPF and DKIM records are in compliance with Google's recommendation is by going here: https://toolbox.googleapps.com/apps/checkmx/check.
Our team at InterlockIT has assisted many hundreds of companies and organizations update and correct their DNS records resulting in very happy customers. Be sure to contact us today to prevent email forgery for good!
Every recipient is unique and has different spam filtering settings for messages being received. Typically, recipient servers don't provide information about spam filtering to the sender of an email simply because it makes the recipient vulnerable by giving too much information to actual spammers who could then potentially get around the filters. This is where SPF and DKIM authentication come into play. Authentication legitimizes the source of the email to prove it isn't forged and is a thorough way of ensuring your email is delivered to the person you are sending to.
A sender policy framework (SPF) record is a type of DNS (domain name server) record that identifies which mail servers are permitted to send email on behalf of your domain. SPF records are used to prevent spammers from sending email on your behalf. It essentially asks, "is this email coming from an authorized mail server?" If it isn't, the email is likely to be spam.
A DomainKeys identified mail (DKIM) record simply adds a digital signature to emails your organization sends. The email recipient servers check if the signatures match and if so, the email hasn't been tampered with and is from a legitimate sender. Fundamentally, the DKIM check verifies that the message is signed and associated with the correct domain.
Having both SPF and DKIM records in place can greatly reduce the potential of spam email appearing to be sent from your domain and also improves email deliverability. An easy way to check if your domain's SPF and DKIM records are in compliance with Google's recommendation is by going here: https://toolbox.googleapps.com/apps/checkmx/check.
The interlockit.com SPF address declares that Google Apps, Freshbooks, Sendgrid, and MailChimp are all authorized to send email on behalf of our domain. |
Labels:
Authentication,
DKIM,
DNS records,
domain,
Email,
Email delivery,
Email forgery,
Email server,
Gmail,
Google Apps,
Malware,
Message Security,
Spam,
SPF
Subscribe to:
Posts (Atom)