Email Authentication: The Key to Phishing Prevention

Phishing is a major problem for business owners: attackers send fake email that pretends to come from a trusted brand. As a business owner, you should use email authentication to protect both your customers and your business from fraud.


What is Email Authentication?

Email authentication is the process a receiving mail server uses to confirm that a message really comes from the domain it claims to come from and has not been forged. The receiving server applies several protocols that check the sender address (both the envelope sender and the visible “From” field) and other information in the message headers against records published by the owner of the sending domain.

These protocols can also detect whether the message was altered in transit, and they tell receiving mail servers what to do with messages that fail authentication. Using them protects your customers from spam and from phishing attempts that rely on spoofing your domain.

Attackers use email spoofing to make a message look as if it came from a trusted business or brand. Such a message typically contains a link to a fake website that asks the recipient to log in. If the recipient enters login credentials or other sensitive information, the attacker captures them.

Another common trick is to forge the sender address so the message appears to come from a trusted brand's domain. Authenticating your domain lets receiving mail servers tell your genuine messages from suspicious ones that misuse your domain name. Be aware that this covers only your own domain: a message sent from a look-alike domain, or one that carries your brand only in the display name next to an unrelated address, can still pass authentication for the attacker's own domain.

How Does Email Authentication Work?

Authentication validates the real origin of a message and identifies the domain owner responsible for the mail transfer agents (MTAs) that sent or relayed it. The process starts when a message is sent using your domain or one of its subdomains.

The rules used for authentication are published as DNS records for the sending domain. When the receiving mail server accepts a connection from the sending server, it looks up those DNS records and uses them to confirm the origin of the message; beyond the normal SMTP exchange, the sending server does not need to talk to the receiver at all.

Each protocol works differently, but the general process is as follows:

  • The domain owner defines rules that can be used to authenticate mail sent from, or on behalf of, the domain.
  • The sender configures the mail servers used to send the mail and publishes the rules in the domain's DNS records.
  • The receiving mail server checks each incoming message against the published rules to confirm that it really comes from the claimed sender.
  • The receiving mail server then acts on the rules, which can result in the message being rejected, quarantined, or delivered.

Besides verifying that the sender is legitimate, these protocols let receivers build a reputation for the sending domain and IP address, which makes phishing mail easier to identify.

Different Types of Protocols Used to Authenticate Emails

SPF

SPF (Sender Policy Framework) is a DNS record that lists the hostnames or IP addresses authorized to send mail for the domain. It is the oldest of the email authentication protocols.

The SPF record is a DNS TXT entry, which lets the receiving mail server verify that a message claiming to come from a specific domain was actually delivered from an IP address authorized to send for that domain.

The receiving server takes the domain from the envelope sender (the MAIL FROM address, also visible as the Return-Path header, which is where bounces go), looks up that domain's SPF record in DNS, and checks whether the connecting IP address matches one of the listed mechanisms. The record ends with an "all" mechanism whose qualifier ("-all" for fail, "~all" for softfail) decides the result when nothing matched. Two practical limits apply: a domain may publish only one SPF record, and the evaluation may cause at most 10 DNS lookups (for include, a, mx and similar mechanisms); exceeding either produces a permanent error rather than a pass.
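To make the receiver-side check concrete, here is an added example in Python (not code from the article). DNS is replaced by a constructed in-memory dictionary of records for the made-up domains example.com, _spf.mailer.example and loop.example, so it runs offline; only the ip4, ip6, include and all mechanisms are implemented, and the 10-lookup limit from RFC 7208 is enforced so that a self-referencing include ends in permerror instead of recursing forever.

```python
"""Minimal SPF (RFC 7208) evaluator over a constructed, in-memory DNS."""
import ipaddress

# Constructed records for made-up domains (assumption: none of this is real data).
SPF_DNS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",   # include pointing at itself
}

MAX_DNS_LOOKUPS = 10   # RFC 7208 section 4.6.4: more than this is a permerror
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_txt(domain):
    """Stand-in for a DNS TXT query."""
    return SPF_DNS.get(domain.lower())


def check_host(client_ip, domain, _lookups=None):
    """Evaluate the SPF record of `domain` for the connecting address `client_ip`.

    Returns one of: pass, fail, softfail, neutral, none (no record), permerror.
    `_lookups` is a shared counter so the limit covers nested includes too.
    """
    if _lookups is None:
        _lookups = [0]
    record = lookup_txt(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)

    for term in record.split()[1:]:           # skip the "v=spf1" version tag
        qualifier = "+"                        # a mechanism without qualifier means "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        result = QUALIFIER_RESULT[qualifier]
        name, _, arg = term.partition(":")

        if name == "all":                      # terminal: decides the result
            return result
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):   # version mismatch is simply False
                return result
        elif name == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_DNS_LOOKUPS:
                return "permerror"
            inner = check_host(client_ip, arg, _lookups)
            if inner == "permerror":          # errors inside an include propagate
                return "permerror"
            if inner == "pass":               # only a "pass" inside the include matches
                return result
        else:
            # a, mx, exists, redirect= etc. are not implemented in this example
            return "permerror"
    return "neutral"                           # no mechanism matched and no "all" present


if __name__ == "__main__":
    for ip, dom in [("192.0.2.5", "example.com"), ("203.0.113.7", "example.com"),
                    ("2001:db8::1", "example.com"), ("192.0.2.5", "loop.example")]:
        print(ip, dom, "->", check_host(ip, dom))
```

The counter is shared across the recursion on purpose: a record that stays under 10 includes on its own but pulls in a provider record with many more still fails, which is the most common way real SPF records break.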

DKIM

DKIM (DomainKeys Identified Mail) adds a digital signature to the message headers. The sending server signs selected headers and a hash of the body with a private key; the matching public key is published in DNS, so any receiver can verify the signature, confirm which domain took responsibility for the message, and detect changes made after signing.

The sender publishes the public key in a DNS TXT record under a selector name of the form selector._domainkey.yourdomain. The signature acts like a fingerprint or watermark that is unique to the signing domain and the message. Because it travels with the message rather than depending on the sending IP address, it usually survives plain forwarding; it breaks only if an intermediary (for example a mailing list that adds a footer or rewrites the subject) alters the signed headers or body.
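The following added example (not the article's code) shows the part of DKIM verification that needs no key: canonicalizing the body the "relaxed" way, recomputing the bh= tag and comparing it with the one in the DKIM-Signature header, and deriving the DNS name where the public key lives. Checking the b= tag additionally requires fetching that public key and verifying an RSA (or Ed25519) signature over the canonicalized headers, which is left out here. The message body, domain and selector are constructed.

```python
"""DKIM (RFC 6376) body-hash check with 'relaxed' body canonicalization."""
import base64
import hashlib
import re


def parse_dkim_signature(header_value):
    """Parse the tag=value list of a DKIM-Signature header into a dict.
    Folding whitespace inside values (common in b= and bh=) is not significant."""
    tags = {}
    for item in header_value.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def relaxed_body(body):
    """'relaxed' body canonicalization (RFC 6376 section 3.4.4): normalize line
    endings to CRLF, strip trailing whitespace on each line, collapse runs of
    whitespace to a single space, and drop empty lines at the end of the body."""
    lines = body.replace("\r\n", "\n").split("\n")
    lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t")) for line in lines]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(line + "\r\n" for line in lines)


def body_hash(body):
    """The bh= value: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(relaxed_body(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def dkim_header_without_signature(domain, selector, body):
    """Signer side, minus the b= tag: the header a sending server writes for a
    body. A real signer then signs the canonicalized headers (this header
    included, with b= empty) using the domain's private key and fills in b=."""
    return (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
            f"h=from:to:subject:date; bh={body_hash(body)}; b=")


def key_record_name(dkim_header):
    """DNS name a verifier queries for the public key: <selector>._domainkey.<domain>."""
    tags = parse_dkim_signature(dkim_header)
    return f"{tags['s']}._domainkey.{tags['d']}"


def body_hash_matches(dkim_header, body):
    """Verifier side: recompute bh= over the received body and compare."""
    return body_hash(body) == parse_dkim_signature(dkim_header)["bh"]


if __name__ == "__main__":
    # Constructed message body (assumption: example data only).
    original = "Hello Bob,\r\n\r\nYour invoice is attached.   \r\n\r\n\r\n"
    header = dkim_header_without_signature("example.com", "sel2024", original)
    print(header)
    print("public key at:", key_record_name(header))
    print("unchanged:", body_hash_matches(header, original))
    print("footer added by a list:",
          body_hash_matches(header, original.rstrip() + "\r\n-- \r\nSent via list.example\r\n"))
```

The whitespace-only rewrite in the test (LF instead of CRLF, a run of spaces, no trailing blank lines) still matches because relaxed canonicalization was designed to tolerate exactly the changes ordinary relays make; any change to the visible content, such as a mailing-list footer or an injected link, produces a different hash and the signature fails.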

DMARC

PayPal, whose brand was constantly impersonated in phishing mail, led the development of DMARC (Domain-based Message Authentication, Reporting and Conformance) together with several large mailbox providers in order to strengthen email authentication. Major email providers and many brands then adopted it.

DMARC does not replace SPF and DKIM but builds on them. The receiving mail server consults the domain's DMARC record to decide whether the SPF and DKIM results are good enough to treat the message as authenticated, and what to do with the message when authentication fails. DMARC also adds reporting: the record can name addresses (rua= for aggregate reports, ruf= for failure reports) to which receivers send reports about mail claiming to come from the domain.

The policy is published as a DNS TXT record at _dmarc.yourdomain. A message passes DMARC when at least one of SPF or DKIM passes and the domain it authenticated is aligned with the domain in the visible From header (the identical domain in strict mode, or the same organizational domain in relaxed mode). This alignment requirement is what ties SPF and DKIM to the address the recipient actually sees, which is why DMARC is the recommended way to use the two together. The p= tag of the record names one of three policies for messages that fail:

  • None
    Monitor mode. The receiver takes no action based on DMARC and delivers the message as it otherwise would, but still sends reports. This is the policy to start with, to understand your mail streams without affecting delivery.
  • Quarantine
    The message is accepted but treated as suspicious: typically placed in the spam or junk folder rather than the inbox, where it can be inspected further.
  • Reject 
    The message is refused during delivery and reaches no folder. The sending server normally receives an SMTP rejection stating the reason, and the domain owner sees the failure in the DMARC reports.
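Here is an added example (not the article's code) of the DMARC decision a receiver makes once it has the SPF and DKIM results. The DMARC records are constructed and served from an in-memory dictionary, the organizational domain is approximated as the last two labels (a real receiver uses the Public Suffix List so that domains like example.co.uk are handled), and the pct= tag is ignored. It shows strict versus relaxed alignment, the fallback to the organizational domain's record with its sp= subdomain policy, and the three dispositions.

```python
"""DMARC (RFC 7489) evaluation on the receiving side, over a constructed DNS."""

# Constructed records for made-up domains (assumption: not real data).
DMARC_DNS = {
    "_dmarc.example.com":
        "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
    "_dmarc.brand.example":
        "v=DMARC1; p=none; rua=mailto:reports@brand.example",
}


def parse_dmarc(record):
    """Tag=value list -> dict, or None if it is not a usable DMARC record."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags


def org_domain(domain):
    """Approximation of the organizational domain (see the lead-in)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only the same organizational domain."""
    if auth_domain is None:
        return False
    from_domain, auth_domain = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


def find_policy(from_domain):
    """Look for _dmarc.<From domain>; if absent, fall back to the organizational
    domain's record, in which case the sp= (subdomain) policy applies."""
    record = DMARC_DNS.get(f"_dmarc.{from_domain.lower()}")
    if record:
        return parse_dmarc(record), False
    org = org_domain(from_domain)
    if org != from_domain.lower():
        record = DMARC_DNS.get(f"_dmarc.{org}")
        if record:
            return parse_dmarc(record), True
    return None, False


def dmarc_disposition(from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_result, action).

    from_domain            domain of the From header the recipient sees
    spf_result/spf_domain  SPF result and the MAIL FROM domain it was evaluated for
    dkim_result/dkim_domain DKIM result and the d= tag of the verified signature
    dmarc_result is 'pass', 'fail' or 'none' (no record found);
    action is the policy to apply: 'none', 'quarantine' or 'reject'.
    """
    policy, from_subdomain = find_policy(from_domain)
    if policy is None:
        return "none", "none"            # nothing published, nothing to enforce
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:                # one aligned pass is enough
        return "pass", "none"
    action = policy.get("sp", policy["p"]) if from_subdomain else policy["p"]
    return "fail", action


if __name__ == "__main__":
    # A third-party bulk sender that passes SPF for its own domain but signs nothing.
    print(dmarc_disposition("example.com", "pass", "bulk.mailer.example", "fail", None))
    # Same sender, but DKIM-signed with the brand's own key on a subdomain selector.
    print(dmarc_disposition("news.example.com", "fail", None, "pass", "news.example.com"))
```

Note the second case in the example: SPF passes for the mailer's own domain, yet DMARC fails because that domain is not aligned with the From header, which is the situation that catches most spoofed and misconfigured mail.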

BIMI

BIMI (Brand Indicators for Message Identification) is the newest of these specifications. Unlike the others it is not itself an authentication protocol: it makes the result of authentication visible in the recipient's inbox. When it is correctly implemented, supporting mail clients display the brand's designated logo next to the message.

A displayed logo signals that the message passed the underlying authentication checks, so it tells the recipient that the message comes from the genuine brand.

It also adds a layer of protection: even if a phishing message is delivered, it cannot display the brand's logo.

To show your logo, your domain must have SPF and DKIM in place and an enforcing DMARC policy (p=quarantine with pct=100, or p=reject).

How to Set Up Email Authentication

  • Setting Up SPF
    Add an SPF TXT record to the DNS zone of your domain. In it, list every IP address, range or included service that is allowed to send mail for the domain, including third-party services such as your newsletter or helpdesk provider, and end the record with -all (or ~all while you are still testing). Publish only one SPF record per domain and keep the number of DNS lookups it causes under 10. Save the zone; with hosted DNS no server restart is needed, and the change becomes visible as the record's TTL expires.
  • Setting up DKIM
    The exact steps depend on the email service provider (ESP) you use. In general, the ESP generates a key pair and keeps the private key on its signing servers; you copy the public key it shows you, open your domain's DNS control panel, create a TXT record named selector._domainkey.yourdomain (the ESP tells you the selector), paste the key value (v=DKIM1; k=rsa; p=...) into the value field and save it.
  • Setting Up DMARC
    Once SPF and DKIM are in place, open the DNS records in your hosting control panel and create a TXT record named _dmarc.yourdomain. Start with v=DMARC1; p=none; rua=mailto:<your report address> so that you receive aggregate reports, review them to find legitimate senders that fail, fix those, then move to p=quarantine and finally to p=reject. Save the record to publish it.
  • Setting up BIMI
    Create a TXT record named default._bimi.yourdomain that points to your logo (l=), which must be an SVG file in the SVG Tiny Portable/Secure profile, and, where required, to a Verified Mark Certificate (a=). The VMC is issued by a certificate authority that offers them and proves that you own the trademarked logo; some mailbox providers, Gmail among them, only show logos backed by a VMC. After the record is published, allow time for DNS propagation and for providers to pick it up, which can take about a day.
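As an added example (not from the article), here is what the four records from the steps above look like together in a DNS zone file for the hypothetical domain example.com. The IP range, the included provider, the selector name, the public key, the report address and the logo and certificate URLs are placeholders to be replaced with your own values.

```dns
; Added example for the hypothetical domain example.com; all values are placeholders.

; SPF: one record only, every sender listed, under 10 DNS lookups, terminated by -all
example.com.                      IN TXT "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all"

; DKIM: public key under <selector>._domainkey; the private key never leaves the signing server
sel2024._domainkey.example.com.   IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A...placeholder..."

; DMARC: begin in monitor mode with reporting, then raise to quarantine and finally reject
_dmarc.example.com.               IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com; adkim=r; aspf=r"

; BIMI: only honoured once DMARC is at p=quarantine (pct=100) or p=reject
default._bimi.example.com.        IN TXT "v=BIMI1; l=https://example.com/brand/logo.svg; a=https://example.com/brand/vmc.pem"
```

After publishing, confirm what the world sees with a resolver rather than your control panel, for example dig +short TXT example.com, dig +short TXT sel2024._domainkey.example.com and dig +short TXT _dmarc.example.com; if a query returns two SPF records, or the DMARC record is missing its v=DMARC1 tag, receivers will ignore them.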

Conclusion

Many phishing attacks are sent as email disguised as coming from a legitimate company. This damages your reputation and endangers your customers. That is why you should enable email authentication, which helps protect your business and your customers from phishing. Set it up by following the guide above as soon as possible.

Tags: email authentication, email authentication protocols, email authentication types, email authentication method, email authentication guide
