Here is TWO EASY WAYS to Increase Email Security and Legitimacy for your organization and domain.
- USE Sender Policy Framework (SPF). SMTP, the email protocol in use in the internet for over 40 years, works well in many ways but is far from perfect. When it was originally created, no one had to worry about people trying to send mail as people other than themselves. SMTP, on its own, places no restriction on what a sending host can use as the “MAIL FROM” of a message or the domain. Thus, spammers can forge sender addresses. SPF, Sender Policy Framework, is a protocol to fix this. SPF allows you to specify sender policy. You use special SPF DNS TXT records which you publish to the internet. These TXT records specify the server names and/or IP addresses of the servers which you allow to send mail with a “MAIL FROM” your domain. Add the external address/fully-qualified domain name (FQDN) as an allowed address. Also be sure to include any other parties sending mail on behalf of your domain. You want to allow by your SPF policy your web server, invoice email server, whatever app sending email servers you have to send mail. This will increase the legitimacy and reliability of your outbound mail. It will also help your outbound mail pass through spam filters (though you will have to follow other Good Practice; SPF is usually just one facet of a multi-rule evaluation). Here is a nice on-line “wizard” that will help you craft your SPF record: http://www.spfwizard.net/. If you need help on the technical specifics of setting up the SPF record, which amounts to adding a TXT record to your DNS, please contact Rex Consulting. If you are an existing client, please use the normal support protocol.
- Block/quarantine inbound mail FROM your domain. Make sure that you block, at your firewall or email security proxy/gateway, by proxy, any inbound mail which is addressed with a sender from your own domain. This prevents PHISHING mails which are crafted as being sent from someone in your organization (say, your CEO) to another someone (say, your CFO) in your organization. Note: You will have to exclude any external addresses/server names that SHOULD be allowed to send mail on behalf of (from your domain), for example your web server which may send mail on behalf of your domain.
Any questions, please contact Rex Consulting.
© Copyright 2018 Rex Consulting, Inc. - All rights reserved