Protecting your email domain name using DMARC
If you’ve been in the IT managed services industry for long enough you will, at some point, have had to explain to a client that email isn’t secure and that if someone wanted to, then they could pretend to be someone else sending an email.
We’ve had Sender Policy Framework (SPF) for a while, which goes some way towards establishing which servers can legitimately send email, but it isn’t the whole answer.
Then came DKIM to digitally sign the email messages being sent by your organisation to provide another level of authenticity.
After that DMARC arrived, giving your organisation a way to publish a policy on how emails from your domain should be checked.
If you’re a small business and are using Office 365 then it’s relatively simple to enable this powerful feature.
Step 1 – Ensure your SPF record is correct
https://docs.microsoft.com/en-gb/office365/SecurityCompliance/how-office-365-uses-spf-to-prevent-spoofing
Step 2 – Enable DKIM
https://docs.microsoft.com/en-gb/office365/SecurityCompliance/use-dkim-to-validate-outbound-email
Step 3 – Enable DMARC
https://docs.microsoft.com/en-gb/office365/SecurityCompliance/use-dmarc-to-validate-email
It still needs the recipient’s mail system to be checking for these things, but more and more will, so it’s important to set these up.
This is one of the many items we check as part of an extensive security review we can perform.
If you want to check if your domain is configured then visit MX Toolbox.
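As an added example (not part of the original post, and not how any particular tool works), here is an offline audit of the three records from the steps above. The domain example.com, the sample records and the function names are constructed for illustration, and accepting `~all` as well as `-all` is a choice made for this sketch.

```python
# Added example: audits SPF, DKIM and DMARC DNS data for one domain, offline.
# The records below are constructed samples for the placeholder example.com.

def parse_tags(txt):
    """Split a 'k=v; k=v' TXT value (the DMARC tag format) into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(domain, dns):
    """dns maps (name, type) -> list of record strings. Returns findings."""
    findings = []
    # Step 1: exactly one SPF record, authorising Office 365, ending in an 'all' rule.
    spf = [r for r in dns.get((domain, "TXT"), []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        if "include:spf.protection.outlook.com" not in terms:
            findings.append("SPF: Office 365 include missing")
        if terms[-1] not in ("-all", "~all"):  # assumption: softfail is tolerated
            findings.append(f"SPF: record ends in '{terms[-1]}', not -all or ~all")
    # Step 2: Office 365 DKIM is published as CNAMEs for selector1 and selector2.
    for sel in ("selector1", "selector2"):
        if not dns.get((f"{sel}._domainkey.{domain}", "CNAME")):
            findings.append(f"DKIM: no CNAME for {sel}._domainkey")
    # Step 3: one DMARC record at _dmarc.<domain> with a valid policy tag.
    dmarc = [r for r in dns.get((f"_dmarc.{domain}", "TXT"), [])
             if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected 1 record, found {len(dmarc)}")
    else:
        policy = parse_tags(dmarc[0]).get("p", "").lower()
        if policy not in ("none", "quarantine", "reject"):
            findings.append(f"DMARC: invalid or missing p= tag ('{policy}')")
        elif policy == "none":
            findings.append("DMARC: p=none is monitor-only; nothing is quarantined or rejected")
    return findings

# Constructed sample zone data (not real records).
SAMPLE = {
    ("example.com", "TXT"): ["v=spf1 include:spf.protection.outlook.com ?all"],
    ("selector1._domainkey.example.com", "CNAME"):
        ["selector1-example-com._domainkey.example.onmicrosoft.com"],
    ("_dmarc.example.com", "TXT"): ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    for line in audit("example.com", SAMPLE):
        print(line)
```

To run it against a live domain, fill the `dns` dictionary from your resolver of choice; the audit logic itself needs no network access.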