Email Security Basics: DKIM

We are starting this blog off with a series on email security covering the three main techniques for protecting your email and domain from fraudsters: DKIM, SPF, and DMARC. Despite the growing number of tools available for communicating within businesses, email still reigns supreme, and the same is true for spammers and fraudsters: in 2018, 92% of all malware attacks occurred via email. This means that for organizations big and small, email security is something we all have to pay attention to. Alongside SPF and DMARC, DKIM is one of the tools available for protecting email domains from impersonation. In this post we provide a very brief overview of DKIM; in a follow-up post we will walk through setting up DKIM for a domain associated with an Office 365 tenant.

What is DKIM?

DomainKeys Identified Mail (DKIM) is an email authentication mechanism that helps organizations protect their domain from spoofing. Its purpose is to show servers receiving email from your mail server that the message is legitimate and really was sent by your mail server. This is done by having the sending mail server sign selected headers and a hash of the body of each outgoing message with a private key, and by publishing the matching public key in your domain's DNS records; the receiving mail server fetches that public key and uses it to verify the signature. A valid signature confirms that the message really came from your domain and not from a bad actor impersonating it.

To summarise in layman's terms, DKIM signing appends a signature to messages sent from your domain or mail server. The server receiving your email uses this signature to confirm that the message is authorised, that it has not been modified in transit, and that it really was sent by your organization. If a message fails these checks it is scored and, depending on the email filter settings on the receiving mail server, may be rejected or sent to junk.

Why DKIM?

The primary purpose of DKIM is to help prevent domain spoofing, and unlike some of the other methods available for this purpose, the DKIM signature in your emails can survive forwarding, so the recipient server can still validate the legitimacy of the email. While DKIM has merits as a security mechanism, one of the main reasons businesses need to have DKIM in place is to reduce the likelihood of their emails being routed to spam by the recipient mail server, especially if the recipient organization enforces very strict email security policies.

How do I know if I have a DKIM record set up for my domain?

You can verify this using one of the many tools available online for checking domain security. Our recommended tool is Redsift's DKIM tool (https://tools.redsift.com/sift/investigate), which not only gives you an overview of your DKIM configuration but also reports on your SPF and DMARC configuration. Below is an example of the DKIM signature for our domain here at HayDrive, showing the default DKIM signature provided by Office 365 before we set up DKIM for our custom domain.

Screenshot of the default onmicrosoft.com DKIM signature
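To make the mechanism described above concrete, here is a small end-to-end DKIM signer and verifier in Go. It is an added example written for this post, not code from the original article, from Microsoft or from Redsift, and it simplifies real DKIM: it supports only RSA-SHA256 with relaxed/simple canonicalization, keeps message headers in a plain map keyed by the header name as written, and stands in for the DNS query with a lookup function you supply, so it runs offline. The domain `example.com`, the selector `sel1` and the message used when exercising it are constructed values. `Sign` is what the sending server does with the private key; `DNSRecord` is the TXT record the domain owner publishes at `sel1._domainkey.example.com`, which is exactly what the online checkers mentioned above query and what `ParseDNSRecord` validates; `Verify` is the receiving server's check, and any error it returns is a DKIM fail that the receiver's filter would then score.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

// parseTags splits a DKIM tag list ("v=1; a=rsa-sha256; ...") into a map; the DNS TXT key record uses the same syntax.
func parseTags(s string) map[string]string {
	tags := map[string]string{}
	for _, part := range strings.Split(s, ";") {
		if kv := strings.SplitN(strings.TrimSpace(part), "=", 2); len(kv) == 2 {
			tags[kv[0]] = strings.TrimSpace(kv[1])
		}
	}
	return tags
}

// relaxedHeader applies RFC 6376 "relaxed" canonicalization: lowercase name, whitespace runs collapsed.
func relaxedHeader(name, value string) string {
	return strings.ToLower(name) + ":" + strings.Join(strings.Fields(value), " ") + "\r\n"
}

// bodyHash is the bh= tag: base64(SHA-256) of the body with exactly one trailing CRLF ("simple" canonicalization).
func bodyHash(body string) string {
	sum := sha256.Sum256([]byte(strings.TrimRight(body, "\r\n") + "\r\n"))
	return base64.StdEncoding.EncodeToString(sum[:])
}

// headerHash hashes the signed headers in h= order, then the DKIM-Signature field with b= empty and no final CRLF.
func headerHash(headers map[string]string, names []string, sigFields string) []byte {
	var buf strings.Builder
	for _, name := range names { // keys are header names as written; an absent header adds nothing (RFC 6376 5.4)
		if value, ok := headers[name]; ok {
			buf.WriteString(relaxedHeader(name, value))
		}
	}
	buf.WriteString(strings.TrimSuffix(relaxedHeader("DKIM-Signature", sigFields), "\r\n"))
	sum := sha256.Sum256([]byte(buf.String()))
	return sum[:]
}

// Sign (sending server): sign the named headers and the body hash with the domain's private key; returns the DKIM-Signature value.
func Sign(priv *rsa.PrivateKey, domain, selector string, names []string, headers map[string]string, body string) (string, error) {
	fields := fmt.Sprintf("v=1; a=rsa-sha256; c=relaxed/simple; d=%s; s=%s; h=%s; bh=%s; b=",
		domain, selector, strings.Join(names, ":"), bodyHash(body))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, headerHash(headers, names, fields))
	return fields + base64.StdEncoding.EncodeToString(sig), err
}

// DNSRecord renders the public key as the TXT record published at <selector>._domainkey.<domain>.
func DNSRecord(pub *rsa.PublicKey) string {
	der, _ := x509.MarshalPKIXPublicKey(pub)
	return "v=DKIM1; k=rsa; p=" + base64.StdEncoding.EncodeToString(der)
}

// ParseDNSRecord checks a DKIM TXT record (what the online checkers read) and extracts its RSA key.
func ParseDNSRecord(txt string) (*rsa.PublicKey, error) {
	tags := parseTags(txt)
	if tags["v"] != "DKIM1" || (tags["k"] != "" && tags["k"] != "rsa") {
		return nil, fmt.Errorf("not a DKIM1 RSA key record: %q", txt)
	}
	if tags["p"] == "" { // an empty p= tag means the selector's key has been revoked
		return nil, fmt.Errorf("p= tag is empty: key revoked")
	}
	der, _ := base64.StdEncoding.DecodeString(tags["p"]) // bad base64 leaves DER that fails to parse
	key, err := x509.ParsePKIXPublicKey(der)
	if pub, ok := key.(*rsa.PublicKey); err == nil && ok {
		return pub, nil
	}
	return nil, fmt.Errorf("p= tag does not hold a valid RSA public key")
}

// Verify (receiving server): fetch <s>._domainkey.<d>, recompute bh= and the header hash, check the signature. Any error is a DKIM fail.
func Verify(lookupTXT func(name string) string, headers map[string]string, sigValue, body string) error {
	tags := parseTags(sigValue)
	name := tags["s"] + "._domainkey." + tags["d"]
	pub, err := ParseDNSRecord(lookupTXT(name))
	if err != nil {
		return fmt.Errorf("%s: %w", name, err)
	}
	if bodyHash(body) != tags["bh"] {
		return fmt.Errorf("body hash mismatch: body modified in transit")
	}
	// Hash over the signature field with its own b= value removed; b= is the last tag Sign emits.
	digest := headerHash(headers, strings.Split(tags["h"], ":"), sigValue[:strings.LastIndex(sigValue, "b=")+2])
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, sig) != nil {
		return fmt.Errorf("signature does not verify: signed headers modified or wrong key")
	}
	return nil
}
```

Running `Sign` and then `Verify` on the same message succeeds; a modified body fails with a body-hash mismatch, a modified signed header or a key other than the one published fails the signature check, and a missing record or an empty (revoked) `p=` tag fails at the DNS record stage, while a header whose whitespace was re-wrapped in transit still passes thanks to relaxed canonicalization. For production mail flow a maintained DKIM library, not this sketch, is the right choice.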

How is your Email Security configuration?

One of the main reasons I started this blog is to provide small businesses in Edinburgh and beyond with dynamic and adaptable enterprise-level cloud IT and security information, with a special focus on Microsoft 365. If you would like a quick, no-strings-attached email security and domain audit, feel free to contact us for a free bespoke email security audit report.

Sources:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide

https://en.wikipedia.org/wiki/Malware

http://dkim.org/

https://tools.redsift.com/sift/investigate
