How to identify and prevent attacks through emails
Over time, people tend to use the same email address for a long time. Although it’s not a problem, security might be put aside, letting your email in peril.
The average person who uses email in the U.S. is high. For instance, the people from 46–64 and +65 are incredibly high and might be those who don’t have information about how to secure their emails or how to identify possible threats.
Some email protocols can help secure your account or email servers, such as SPF, DMARC, and DKIM, as they provide secure authentication from when an email is sent to when it arrives at its destination. As Google’s mail server is widely used, this article will use Google as a reference to explain these protocols and how they work.
Sender Policy Framework — SPF
RFC 7208 is the specification for SPF, a standard authentication method that uses a DNS server to prevent spoofing and your email address from being labeled as spam by receiving servers. In other words, it limits who can use your organization’s domain as senders on email messages.
DomainKeys Identified Mail — DKIM
DKIM enables an organization to take responsibility for transmitting a message so it can be verified using cryptographic authentication. Using an encrypted key to sign the message allows the receiver to verify the authenticity of the message. The private key signs the message that only the sender possesses. Thus, it generates a hash string, for example, “89B8B8E486421463D7E0F5CAF60FB9CB35CE169B76E657AB21FC4D1D6B093603” that can be decrypted by the receiver using their public key, which is the only possible way to review the accurate content of the message.
Domain-Based Message Authentication, Reporting & Conformance — DMARC
DMARC is an email authentication, policy, and reporting protocol. It gives the ability to protect your domain from unauthorized use, well-known as spoofing. It added a linkage to the author known as “From:” domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders. This monitoring protection adds a protection layer to your email server, protecting it from fraudulent emails. DMARC is used by combining these two authentication methods: SPF and DKIM.
References:
Gilbert, N. (2022, January 14). Number of Email Users Worldwide 2022/2023: Demographics & Predictions — Financesonline.com. FinancesOnline.com. Retrieved October 8, 2022, from https://financesonline.com/number-of-email-users
Help prevent spoofing and spam with DKIM — Google Workspace Admin Help. (n.d.). Google Support. Retrieved October 8, 2022, from https://support.google.com/a/answer/174124?hl=en
Help prevent spoofing and spam with DMARC — Google Workspace Admin Help. (n.d.). Google Support. Retrieved October 8, 2022, from https://support.google.com/a/answer/2466580?hl=en&ref_topic=2759254
Help prevent spoofing and spam with SPF — Google Workspace Admin Help. (n.d.). Google Support. Retrieved October 8, 2022, from https://support.google.com/a/answer/33786?hl=en&visit_id=638008521490055721-2025214636&rd=1
Johnson, B. (2017, June 8). SPF, DKIM, DMARC Technical Details — Uptake Digital. Uptake Digital. Retrieved October 8, 2022, from https://uptakedigital.zendesk.com/hc/en-us/articles/115000229034-SPF-DKIM-DMARC-Technical-Details
