4 Checks to Authenticate Sender of an Email

With phishing and spam emails on the rise, they not only pose cybersecurity threat to the recipient’s organization, but also end up wasting productivity of those who are on the receiving end. In most cases, people have to sift through such emails which requires opening emails and reading such emails before they are identified as suspicious and deleted. In some cases, people accidentally click on such emails and also fall prey. Deployment of a good spam filter can ensure such emails are effectively blocked or quarantined and not allowed to land into the recipient’s mailbox. Authentication of sender plays a huge role in deciding which email is allowed and which needs to be blocked or quarantined.

In this edition, we briefly discuss 4 tests that an email must pass through in a spam filter before it is allowed to land in the recipient’s mailbox. We urge all IT decision makers to ask their vendor companies to ensure the spam filter incorporates all these 4 tests.

• Domain Key Identified Mail (DKIM): DKIM enables a sending domain to cryptographically sign outgoing messages, allowing the sending domain to assert responsibility for a message. When receiving a message from a domain, the recipient can check the signature of the message to verify that the message is, indeed, from the sending domain and that the message has not been tampered with.

• Sender Policy Framework (SPF) Check: Sender Policy Framework (SPF) is a sender authentication tool that works by having domain publish reverse MX records displaying which machines are designated as mail sending machines for that domain. When receiving a message from a domain, the spam filter can check those records to make sure mail is coming from a designated sending machine.

• Domain Message Authentication Reporting & Conformance (DMARC): A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

• Pointer (PTR) Record: While the A record for a domain to an IP address, a PTR record resolves an IP address to a domain/hostname and is used for reverse DNS lookup. When the spam filter, upon intercepting an email, cannot find a PTR record for the domain or the PTR record points to another domain name for the IP address of the sender, email is blocked and not delivered to the recipient.