
Using DKIM to Protect You and Your Customers

December 8, 2014 | May 25th, 2023 | Blog

Are you using DKIM to protect your customers and yourself? Are you up to speed with DMARC and how these technologies can prevent your domain name from being spoofed in phishing attacks?

Most Sendio customers think about how to stop inbound email. Our customers know that Sendio is uniquely suited to keep email ranging from malicious to merely unwanted out of your inbox.

What many of our customers don’t know is that Sendio has been at the forefront of a group of technology standards that provide many benefits, and that Sendio's support for these standards can help protect your corporate identity.

As a Sendio customer, if your company sends email with important information such as financial transactions, billing information, health information, or any information that is governed by compliance requirements such as HIPAA, PCI, SOX, or GLBA, then read on.

Use of DomainKeys Identified Mail (DKIM)

Many administrators using Sendio skip over the DKIM (DomainKeys Identified Mail) options in Sendio’s Administration console. This is understandable as we at Sendio do not spend a great deal of time educating our customers about the benefits of these options. Also, the standard filtering options are often sufficient to manage inbound email security and inbox efficiency.

However, we do speak to Sendio customers that are frustrated trying to deal with emails impersonating their domain name. These emails go to their own customers in an attempt to steal personal information. Sendio customers have considered how to combat these attacks which, while no fault of their own, are hurting the corporate reputation.

Unfortunately, some Sendio customers don’t realize that they already own a set of technologies within Sendio that can help significantly reduce these types of spoofing campaigns, especially when email is sent to personal email addresses such as Yahoo, Gmail, or AOL.

Sendio has made DKIM signing for outbound email and DKIM signature checking for inbound email available for a long time. A useful tool when used by both sender and receiver, DKIM can be a difficult standard to implement on your own. However, with Sendio it only requires a few clicks in the admin console to sign messages, plus publishing a text record in your DNS; Sendio generates the exact text for you to add.

For inbound email there’s a second challenge. DKIM is great for allowing receivers to validate messages by matching DKIM signatures. But what do we know about unsigned messages?

DKIM for Unsigned Messages

With the advent of DMARC (Domain-based Message Authentication, Reporting and Conformance), the question of what to do with unsigned messages has a much better answer. Unlike DKIM, which verifies a message by public-key signing, DMARC provides information about how and if a company is using DKIM. This is the last very important piece of the overall verification puzzle.

How is this important to protecting a Sendio user’s corporate domain name? By enabling DKIM in Sendio and publishing a DMARC policy in your DNS record, you can ensure that those checking your DMARC policy are getting only emails from valid users of your domain name. Setting up a DMARC policy is very easy. It’s one line with a few specifications. The real heavy lifting is signing outbound messages, which is what Sendio does for you.

Also, you have the ability to set up your DMARC policy and just monitor it at first. You do this by providing an email address in the DMARC policy. This will generate email notices from DMARC users who receive email with your domain name but DKIM fails. This is also useful for verifying that all your outbound messages are properly signed. Later you can recommend to receivers to reject messages that don’t comply with your DMARC policy.

Protecting Your Domain

  1. Publish a public key in DNS. – Sendio will generate the exact text to publish. Found under Outbound DKIM control in the admin console.
  2. Enable DKIM signing in Sendio. – This is done simply by checking a box in your Sendio settings.
  3. Create an email box. – Set up something like dmarcinfo@<yourdomain>.com.
  4. Publish a DMARC record in DNS. – This might look like “v=DMARC1; p=none; rua=mailto:dmarcinfo@<yourdomain>.com”.

When you are comfortable that DKIM signing is working, edit p=none to p=reject. At this point anyone checking DMARC will reject messages that don’t pass the DKIM signature applied by Sendio. This in turn stops malicious emails from spoofing your domain.
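Before changing p=none to p=reject, it helps to check the record you actually published. The following is an added example, not part of Sendio's product or documentation: a small Python audit of a DMARC TXT value that reports whether the record is in the monitoring or enforcing stage and flags common mistakes. The function names are the example's own, and example.com is a placeholder domain.

```python
# Added example: audit a DMARC TXT record before moving from p=none to p=reject.
# The domain example.com and all sample records are constructed placeholders.
VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Split a DMARC TXT value into an ordered list of (tag, value) pairs."""
    pairs = []
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def audit_dmarc(domain, txt):
    """Return (stage, findings) for the record published at _dmarc.<domain>."""
    pairs = parse_dmarc(txt)
    tags = dict(pairs)
    # RFC 7489: the v tag must come first and must be exactly DMARC1.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return "invalid", ["record must start with v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", [f"p must be one of {sorted(VALID_POLICIES)}"]
    stage = "monitoring" if policy == "none" else "enforcing"
    findings = []
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not rua:
        findings.append("no rua address: DKIM failures will not be reported to you")
    for uri in rua:
        if not uri.lower().startswith("mailto:"):
            findings.append(f"rua entry is not a mailto: URI: {uri}")
            continue
        # Strip an optional size limit such as "!10m" before reading the domain.
        rua_domain = uri[7:].split("!")[0].rpartition("@")[2].lower()
        # Simplification: exact match instead of an organizational-domain lookup.
        if rua_domain != domain.lower():
            findings.append(
                f"reports go to another domain; {domain}._report._dmarc."
                f"{rua_domain} must publish v=DMARC1 to authorize them")
    if stage == "enforcing" and tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy applies to only part of the mail")
    return stage, findings
```

An empty findings list with stage "monitoring" matches the record in step 4; the same record with p=reject should return "enforcing" with no findings before you rely on it.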

The message here is that it is easy to stop many of these attacks with the tools you already have in Sendio.

For more information on DKIM, DMARC, and Sendio visit: