Friday, December 23, 2022

Email Security (SPF, DKIM, DMARC)

Electronic mail (email) has been around for a very long time, since 1971 according to some trusted sources. Not only is email used in our personal lives, but businesses also use it to conduct daily activities. Emails may contain a plethora of sensitive information, from financial records and secret formulas to health records. You name it: if the data exists, there is a possibility of it flowing through email. Five decades ago, spam, phishing, whaling, and the myriad of other cybersecurity attacks were not even conceived of, and security protocols for email were not considered. It's been a long time since then, and now it seems that cybersecurity is at the forefront of everyone's mind.


There have been iterations of security mechanisms that aid in securing email. Here we provide an overview of the major security protocols:

SPF stands for Sender Policy Framework. SPF uses DNS records to verify that an email was sent from an authorized IP address. Email administrators publish these DNS records which receiving parties use to discern if emails are coming from trusted and/or allowed IP addresses. If emails do not pass this test they are flagged as not having passed SPF. It is up to the receiving party how to deal with these emails. 

DKIM, or DomainKeys Identified Mail, uses a digital signature to verify that an email wasn't modified prior to arriving at the recipient's mailbox. DKIM also uses DNS records, in this case to publish the public key that is required for signature verification to take place. In short, the sender hashes the email contents and provides the signed hash; the receiving party then computes the same hash on the received email. If the hashes match, we can verify that the message has not changed, and the email passes DKIM. If the hashes differ, the email fails DKIM. It is up to the receiving party how to deal with these emails.

Up until now, we are just checking whether SPF or DKIM passes, but we are not telling anyone what to do with non-compliant emails (emails that don't pass DKIM or SPF checks). This is where DMARC, or Domain-based Message Authentication, Reporting, and Conformance, steps in. You guessed it: DMARC also uses DNS records. These DNS records instruct the receiving party on how to handle emails that fail the checks. The three basic options that you can request from the receiving end are:

  • Do nothing
  • Quarantine the emails
  • Reject the emails

The end goal should be to ask for emails to be rejected though there are use cases where the other two options are used. 
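The sketch below ties the SPF and DMARC records together the way a receiving server would. It is an added example, not code from this post or from any mail server. The TXT records are constructed samples for the placeholder domain example.com, the SPF evaluator handles only the `ip4`, `ip6` and `all` mechanisms, and the DKIM result is assumed to be supplied by a separate verifier, with both results already aligned to the From domain.

```python
import ipaddress

# Constructed sample TXT records for the placeholder domain example.com
SPF_TXT = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all"
DMARC_TXT = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qual = "+"                         # default qualifier is pass
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            # An IPv4 address is never "in" an IPv6 network and vice versa
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qual]
        elif name == "all":
            return QUALIFIERS[qual]        # catch-all, normally the last term
        # include, a, mx, etc. need DNS lookups and are skipped in this sketch
    return "neutral"

def parse_dmarc(record):
    """Split 'tag=value; tag=value' pairs; return None if not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def disposition(dmarc_record, spf_result, dkim_result):
    """Return 'pass', or the policy the domain owner requested on failure."""
    tags = parse_dmarc(dmarc_record)
    if tags is None:
        return "no-policy"                 # receiver falls back to local rules
    if spf_result == "pass" or dkim_result == "pass":
        return "pass"                      # one aligned pass satisfies DMARC
    return tags.get("p", "none").lower()   # none / quarantine / reject

if __name__ == "__main__":
    spf = spf_check(SPF_TXT, "203.0.113.5")          # IP not listed in SPF
    print(spf, disposition(DMARC_TXT, spf, "fail"))  # fail quarantine
```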

These protocols help protect against business email compromise by helping prevent spam, phishing, and other cybersecurity threats that target email. Large email providers such as Google and Microsoft have already adopted these protocols. There is no reason why you shouldn't implement these tools if you are running email services. While there are many SPF/DKIM/DMARC online tools, I would start with your email provider; it may be that they can do the heavy lifting.

Email is a critical communication tool that is used daily. Implementing these security mechanisms isn't difficult, and it helps prevent cybersecurity threats. I encourage all of you to implement these protocols in order to improve the security of your email communications.

