Prevent Email Spoofing Using DKIM, DMARC, and SPF

To prevent email spoofing, you must protect your domain, and in this article I will help you do it.

Spamming is increasing day by day, and intruders gain access to your domain to send email to users. It is therefore important to protect your domain so that when you send an email, recipients receive it with the assurance that it was sent by you. You will also ensure that no one other than the desired servers and users sends email from your domain.

Therefore, your domain needs to be authenticated for sending email. In this article, I will explain three important elements: DKIM, DMARC, and SPF.

DKIM

DKIM (DomainKeys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain.

This is done by giving the email a digital signature. This DKIM signature is a header that is added to the message and is secured with public-key cryptography. Once the receiver (or receiving system) determines that an email is signed with a valid DKIM signature, it can be certain that the signed parts of the email, including the message body and attachments, have not been modified. Usually, DKIM signatures are not visible to end users; the validation is done at the server level. Implementing the DKIM standard will improve email deliverability. In practice, though, these goals are achieved more effectively if you use the DKIM record together with DMARC (and even SPF), which also lets you protect your domain against malicious emails sent on behalf of your domains.

DMARC and DMARC Analyzer use both SPF and DKIM. Together they provide synergy and the best result for email security and deliverability.

DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol that uses SPF and DKIM to determine the authenticity of an email message.

DMARC makes it easier for Internet Service Providers (ISPs) to prevent malicious email practices, such as domain spoofing in order to phish for recipients’ personal information.

It allows email senders to specify how receivers should handle emails that were not authenticated using SPF or DKIM. Senders can opt to have those emails sent to the junk folder or blocked altogether.

In other words, if you have an online business, a website, and customers, you must watch this video to protect yourself before you lose everything!

Obviously, if you have a website, then you have a domain name, and you probably send emails to your customers, whether marketing or transactional emails. Anyway, when you send an email, you are using your domain name, which means your business name, your reputation online. Imagine if someone came and used your name and started sending spam to people. What would happen? SIMPLY, YOU WILL BE DESTROYED: you will lose customers’ trust, you will lose your reputation, you will lose everything. In this video, I wanna show you how to protect your website, your name, and your customers by using SPF, DKIM, and DMARC, and especially how to implement DMARC.

How to add DMARC?

To add DMARC, there are various services that can do this for you, but you can do it simply in two steps:

Visit the EasyDMARC website and click on Tools.

First, validate whether your domain already has a DMARC record by clicking on DMARC Record Lookup.

The second step is to generate the DMARC record. I did it for my website; you can do it as below:

It will generate the record below:

v=DMARC1;p=reject;sp=reject;pct=100;adkim=r;aspf=r;rua=mailto:[email protected];ruf=mailto:[email protected];ri=86400;fo=1

Just add this to your domain's zone editor as a TXT record, as below:

_dmarc.syncbricks.com 

Click Save and Done

SPF

SPF (Sender Policy Framework) is another authentication technique that helps you to prevent spoofing. You simply add the domains, subdomains, and IP addresses of the servers or applications that you authorize to send email.

How to add SPF?

First, you need to check whether SPF is already added to your domain. You can do this by going to whatsmydns.com and searching for the TXT record of your domain.

You will need to create the SPF record for your domain, which typically looks like this:

v=spf1 +a +mx +ip4:72.61.224.88 include:spf.amjidali.com ~all

You can add multiple IP addresses that you use to send email; a more complex record can look like the one below:

v=spf1 ip4:199.201.110.203 include:spf.mailjet.com ip4:77.83.60.48 ip4:185.31.56.0/24 include:spf.protection.outlook.com include:spf-0033f401.pphosted.com -all

You can follow the steps mentioned in the DMARC section to create the records for your SPF, just by modifying the IP addresses or the server, which could be your Gmail server or Microsoft Office 365.
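
Before publishing records like the DMARC and SPF values shown above, it helps to check them offline. The Python sketch below is an added example, not code from this article or from EasyDMARC; the function names are hypothetical, and the SPF lookup count covers only the record's own terms without resolving nested includes.

```python
import re

LOOKUP_RE = re.compile(r"(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))")

def parse_dmarc(record):
    """Split a DMARC TXT value into a {tag: value} dict."""
    pairs = (part.partition("=") for part in record.split(";"))
    tags = {k.strip().lower(): v.strip() for k, _, v in pairs if v}
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags

def audit_dmarc(record):
    """Return findings for settings that weaken the published policy."""
    tags, findings = parse_dmarc(record), []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("p= is missing or invalid")
    elif policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    if int(tags.get("pct", "100")) < 100:
        findings.append("pct<100 applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua=, so no aggregate reports arrive")
    return findings

def audit_spf(record):
    """Return (all-qualifier, top-level DNS lookup count, findings)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    qualifier, lookups, findings = None, 0, []
    for term in terms[1:]:
        bare = term.lstrip("+-~?").lower()
        lookups += bool(LOOKUP_RE.match(bare))  # RFC 7208 caps these at 10
        if bare == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"
    if qualifier is None and "redirect=" not in record.lower():
        findings.append("no 'all' term; unlisted senders get a neutral result")
    elif qualifier in ("+", "?"):
        findings.append(qualifier + "all does not reject unlisted senders")
    elif qualifier == "~":
        findings.append("~all is softfail; -all makes unlisted senders fail")
    if lookups > 10:
        findings.append("more than 10 DNS lookups; receivers return permerror")
    return qualifier, lookups, findings

if __name__ == "__main__":  # first SPF record from the article
    print(audit_spf("v=spf1 +a +mx +ip4:72.61.224.88 include:spf.amjidali.com ~all"))
```

Run against the two SPF records above, the first is flagged for `~all` and the second, ending in `-all`, returns no findings.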
