Have you noticed that it’s more difficult to get an email through to a recipient these days? Messages can get rejected or sent to a quarantine folder and often the sender has no clue why it’s happening.
Having an email bounced or sent to a spam folder without realizing it can cause customers to get frustrated waiting on information they were expecting and can also cause you to miss important client emails if your mail server is the one doing the rejecting.
While email server security isn’t something new, there has been an event that has caused this to happen more frequently for many users in recent months.
In March, Microsoft significantly increased protections against phishing and email spoofing in Office 365 (now called Microsoft 365). This was to help combat the skyrocketing number of these types of attacks.
Email spoofing is when a spammer puts another company’s email address in the “From” line of a message, but it isn’t where the email is originating from.
This can lead to clients, vendors, and employees getting fooled by a phishing email and believing it to be legitimately from your company (and blame you for the result). But since it’s “spoofing” and not actually being sent from your company’s server, it can be hard to stop.
While anti-virus protections on your computers like Quantum Care can help prevent you from getting infected from a phishing email, it can’t stop a scammer halfway across the word from spoofing your email address.
That’s why email authentications are becoming more vital, including the use of SPF, DKIM, and DMARC as a 3-in-1 safeguard.
Why Are Messages Being Blocked or Send to Junk Folders?
One of the new settings added to Microsoft 365, that is causing some users to wonder why emails are suddenly being blocked or sent to spam, is called spoof intelligence.
Spoof intelligence is designed to detect when an incoming message has a “From” email address in the header that doesn’t match the domain that the message was sent from. When this happens, Microsoft’s mail server sends the message to either the Junk folder or into quarantine.
For example, if a scammer is sending out phishing attacks from the email domain “@phishingattack.com,” but in the “From” of the email address they use “email@example.com,” this is recognized as a spoofed email and handled accordingly by the mail server.
The problem is that legitimate messages can also get blocked. For example, if you use a third-party email program through an app like Salesforce or Mailchimp. That app’s server may be sending an email on your behalf, but you would most likely want the recipient to see your company’s email address when it comes in, so they recognize it.
If not configured correctly using the SPF/DKIM/DMARC frameworks, it can be blocked by Microsoft’s mail server as well as others.
Phishing attacks have increased 667% since the COVID-19 pandemic.
Many services have done the same as Microsoft and increased email spoofing detection to help combat the significant rise in phishing since the pandemic started.
Protections Against Email Spoofing
SPF, DKIM, and DMARC are three different email authentication methods that are designed to work together. They embed additional hidden details in an email that tells the receiver’s mail server that the message is legitimate and not a spoofed email.
You can think of them like three legs on a stool. To properly authenticate and include handling instructions with your emails, you need to have all three legs working together.
SPF (Sender Policy Framework)
SPF is the first framework and it’s designed to tell a receiving mail server whether or not the IP address that the email was sent from is authorized to send email for your domain address.
This is the tool you can use to designate a server of Salesforce, Mailchimp, or another application as “okay” to send email for your company’s email address, so it doesn’t get blocked as spoofing.
DKIM (DomainKeys Identified Mail)
DKIM uses a pair of authentication keys, one that is on your mail server and another that goes with the message and is read by the recipient’s mail server and matched.
These keys let the incoming mail server know that the header and other important information in the email message routing have not been altered during transit and that the email is legitimately from the sender.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC is the final validation layer and includes important instructions for handling and reporting of email sent on your domain.
DMARC has three main purposes:
- Verify that a message has passed both SPF and DKIM authentication.
- Tell the receiving mail server what to do with messages that don’t meet the authentication (i.e. spoofed emails).
- Give instructions to the receiving mail server to report back to your mail server about messages that either pass or don’t pass authentication.
With these three authentication frameworks in place, you can help prevent spoofing of your email address by phishing spammers and ensure your legitimate emails aren’t being blocked.
Get Help Setting Up Email Authentication for Your Company
Quantum PC Services can help you put email authentication in place on your mail server to prevent multiple frustrating email issues from slowing you down.
Contact us today to get started. Call 920-256-1214 or reach us online.