Easy (and Cheap!) ways to secure your corporate email domain

Email is such a critical business tool for many businesses. And the massive shift to a “Work from Anywhere” model has led to an increased risk of breaches and/or exposure of sensitive information outside your traditional corporate infrastructure.

With email still one of the top attack surfaces for a business and the cost of phishing attacks almost quadrupling in recent years, you need to be doing everything you can to secure your users and the data used in email.

It is crucial, now more than ever, to ensure email security protocols are properly implemented. The trio of protocols known as SPF, DKIM, and DMARC can safeguard your email presence by implementing protection mechanisms to stop domain spoofing and email tampering. These three protocols complement each other and should be implemented in conjunction with one another.

Sender Policy Framework (SPF) hardens your DNS servers and restricts who can send emails from your domain. SPF can prevent domain spoofing, where an attacker can register domains that look similar to yours and start masquerading as you to your users or downstream customers. SPF enables your mail server to determine when a message came from the domain that is authoritative for it and if it is allowed to forward mail on your behalf.

DomainKeys Identified Mail (DKIM) ensures that the content of your emails remains trusted and hasn’t been tampered with or compromised.

Domain-based Message Authentication, Reporting and Conformance (DMARC) ties the first two protocols together with a consistent set of policies and reporting features.

Guidance on creating and configuring the above three protocols can be found below:

• Create an SPF record.
• You can create a DKIM record via your email security provider such as Proofpoint, or you can create one yourself by following this guide.
• Create a DMARC record.

Significant changes in working patterns demand that cyber security be front and centre in your IT planning. Reach out to Team Cythera should you have any questions or need assistance in securing your business.