Email authentication, or email validation, is a collection of techniques that provide information about the origin of emails. It enables domain administrators to block spoofed emails, phishing scams and, to some extent, spam. These techniques help a receiving email server or mailbox provider verify that an incoming email originates from the source it claims to be from. In addition, validating emails also ensures that messages remain unaltered while in transit.
Email authentication is an effective defense mechanism that helps prevent spoofing and phishing scams, where an email appears to come from one domain but is actually sent from another.
A quick recap of spoofing and phishing scams
Spoofing is a method that scammers often use. It is the forging of another person’s or company’s email address to get users to open a message. On the other hand, phishing is sending an email that attempts to trick recipients into giving out personal information, such as credit card numbers or account passwords. The email pretends to be from a legitimate source, such as a user’s bank, credit card company, or online web merchant.
Most phishing attacks come from an email with a spoofed or forged sender address, usually by forging the “From” line. Authentication significantly reduces spoofing and phishing attacks. Therefore, verifying senders’ identity stops phishing and spoofing emails from reaching your employees’ mailboxes. It also provides information businesses can use to understand spoofing and phishing efforts against their brands.
SPF, DKIM, and DMARC email authentication explained
Email authentication protocols operate as both judge and executioner on the uncharted highways of SMTP relays. These protocols, namely SPF, DKIM, and DMARC, protect your domain by:
- Creating records that determine which email servers or hosts are authorized to send emails from your business’s domain.
- Encrypting and assigning digital signatures that protect email messages by ensuring they remain unaltered while in transit.
- Preventing spoofing of the header “From” line of an email. This is the address that the user can see.
- Instructing receiving email servers or mailbox providers on what to do with unauthenticated emails.
Sender Policy Framework (SPF) email authentication
During email delivery, SPF allows the receiving mail server to check that an email claiming to come from a specific domain was submitted from an IP address authorized by that domain’s administrators. This is how it works:
- The recipient email server asks the sender’s domain to verify that the sender is authentic.
- The recipient email server requests the list of IP addresses the domain has authorized to send emails on its behalf. An SPF record contains this list and is published in the sending domain’s DNS (Domain Name System).
- If the email’s origin, i.e. its IP address, does not appear on that list, SPF will ‘fail’ the email.
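To make the SPF check above concrete, here is an added example (not code from this page or from Pepea) that evaluates a connecting IP against an SPF record, covering the ip4, ip6, include and all mechanisms with their pass/fail/softfail/neutral qualifiers. The DNS data is a constructed in-memory table for the hypothetical domains example.com and mail.example.net, so no real lookups are made.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (assumption: no network access).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
}

# SPF qualifiers (RFC 7208 section 4.6.2); a missing qualifier means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, depth=0):
    """Return the SPF result for client_ip claiming to send as domain.

    Only the mechanisms that need no further DNS (ip4, ip6, all) plus include
    are modelled; a, mx, exists and redirect are reported as permerror here.
    """
    if depth > 10:  # RFC 7208 limits the number of DNS-querying terms
        return "permerror"
    record = FAKE_DNS_TXT.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF record published: receiver learns nothing
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # An IPv4 address is never inside an IPv6 network and vice versa.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # include: matches only if the referenced record itself yields "pass"
            matched = check_spf(arg, client_ip, depth + 1) == "pass"
        else:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term present
```

A receiver treats "fail" as a strong signal and "softfail" as a weaker one; DMARC later decides what to do with the result.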
DomainKeys Identified Mail (DKIM) email authentication
DKIM enables email servers to attach special DKIM signatures to emails. These act as a watermark so that email receivers can verify that the email actually came from the domain it says it does and that it hasn’t been tampered with. The DKIM signing process involves encryption that prevents unauthorized entities from tampering with the email while in transit.
The DKIM signature contains all the information needed for an email server to verify that the signature is real. With DKIM, the signature is encrypted by a pair of encryption keys. The originating email server holds what is called the “private key”. The receiving mail server or ISP verifies with the other half of the key pair, called the “public key”.
More specifically, when DKIM is enabled, the receiving server checks the signature that the sending server produced with its private key against the sending domain’s public key, which confirms that the message has not been altered. DKIM also confirms that the sender is from the listed domain and that the sender has not been spoofed.
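The tamper check in practice starts with the body hash (the bh= tag of the DKIM-Signature header): the receiver canonicalizes the body exactly as the signer did and recomputes its hash before it even looks at the public-key signature. The added example below (not code from this page or from Pepea) implements the simple and relaxed body canonicalizations from RFC 6376 and the bh= computation; the message bodies it checks are constructed for the example, and the b= signature over the headers, which is what the public key verifies, is not modelled.

```python
import base64
import hashlib
import re


def canonicalize_body(body, method="relaxed"):
    """DKIM body canonicalization (RFC 6376 sections 3.4.3 simple, 3.4.4 relaxed).

    body is the CRLF-delimited message body as a str.
    """
    if method not in ("simple", "relaxed"):
        raise ValueError("unknown canonicalization: " + method)
    if method == "relaxed":
        lines = []
        for line in body.split("\r\n"):
            line = re.sub(r"[ \t]+", " ", line)  # collapse runs of SP/HTAB to one SP
            lines.append(line.rstrip(" \t"))     # drop whitespace at end of line
        body = "\r\n".join(lines)
    while body.endswith("\r\n"):                 # ignore all empty lines at the end
        body = body[:-2]
    if body == "":
        return "" if method == "relaxed" else "\r\n"  # the empty-body rules differ
    return body + "\r\n"                         # a non-empty body ends in one CRLF


def body_hash(body, method="relaxed"):
    """The bh= value: base64 of SHA-256 over the canonicalized body."""
    canon = canonicalize_body(body, method).encode("utf-8")
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


def body_hash_matches(body, expected_bh, method="relaxed"):
    """What a verifier does first: recompute bh= from the received body and
    compare it with the value carried in the DKIM-Signature header. A mismatch
    means the body changed in transit and the signature cannot be valid."""
    return body_hash(body, method) == expected_bh
```

Relaxed canonicalization is what lets a message survive harmless whitespace rewrapping by intermediate servers while any change to the actual content still breaks the hash.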
Domain-based Message Authentication, Reporting and Conformance (DMARC)
DMARC makes it harder for threat actors to carry out phishing attacks that spoof brands, as it blocks the delivery of those messages to inboxes. With DMARC, businesses create a record of who is authorized to send emails from their domain. Consequently, this helps to prevent the misuse of a company brand in phishing campaigns by:
- Aligning the “header From” domain name with the “envelope From” domain name used during an SPF check
- Aligning the “header From” domain name with the “d=” domain name in the DKIM signature.
With DMARC, incoming emails are checked against the sending domain’s DMARC record, and any email that fails the check is subject to one of the following actions:
- Block delivery of unauthenticated messages
- Quarantine, i.e. place unauthenticated messages in the recipient’s junk email folder
- Give no specific guidance on how to treat unauthenticated messages. However, DMARC still provides reports on spoofing/phishing efforts, which lets businesses learn more about which senders fail authentication and why.
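The alignment rules and the three actions above map directly onto the DMARC record’s tags: p= (none, quarantine, reject), aspf= and adkim= (r for relaxed, s for strict). The added example below (not code from this page or from Pepea) takes the already-computed SPF and DKIM results as inputs and returns the DMARC outcome and disposition; it assumes a simplified organizational domain (last two labels) where real DMARC consults the Public Suffix List.

```python
def org_domain(domain):
    """Organizational domain, simplified here to the last two labels.
    Real DMARC uses the Public Suffix List; this shortcut is an assumption."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(header_from, auth_domain, mode):
    """RFC 7489 identifier alignment: 's' = exact match, 'r' = same org domain."""
    a, b = header_from.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; adkim=s' into a dict, filling RFC 7489 defaults."""
    tags = {"p": "none", "adkim": "r", "aspf": "r"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or tags["p"] not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return tags


def dmarc_evaluate(record, header_from, spf_result, mail_from, dkim_result, dkim_d):
    """Return (dmarc_pass, disposition).

    spf_result/mail_from and dkim_result/dkim_d are the outcomes of the SPF and
    DKIM checks the receiver already performed (assumed inputs). DMARC passes
    when at least one of them passed *and* its domain aligns with header From.
    """
    tags = parse_dmarc(record)
    spf_ok = (spf_result == "pass" and bool(mail_from)
              and aligned(header_from, mail_from, tags["aspf"]))
    dkim_ok = (dkim_result == "pass" and bool(dkim_d)
               and aligned(header_from, dkim_d, tags["adkim"]))
    if spf_ok or dkim_ok:
        return True, "none"
    # Failure: the sending domain's p= tag tells the receiver what to do.
    # p=none still delivers, but the failure shows up in aggregate reports.
    return False, tags["p"]
```

Note that a message can pass SPF and DKIM on their own yet fail DMARC, because the domain that passed is not the one the user sees in the From header; that gap is exactly what spoofers rely on and what alignment closes.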
Businesses can protect their brands by taking control of who is authorized to send emails using the company’s domain names. Email validation techniques protect your domain and weed out scammers who spoof domains or email addresses to trick individuals. SPF, DKIM, and DMARC work together to stop spoofing. They may not completely stop phishing attacks, but they will significantly reduce the number that make it to your inbox, and they are an essential part of any email security solution.
Pepea Email Security implements SPF, DKIM, and DMARC to protect your brand and users. Contact us to learn more about how we can help your business stop spoofing and reduce the headache of spam and phishing emails.