The Importance of Email Authentication to Combat Spoofing

, ,

Phishing attacks remain a constant problem for businesses, and they have increased in 2020 due to the pandemic. Scammers have been taking advantage of the crisis, with Google reporting an increase in phishing websites of 350% when the pandemic first began. Now, on top of the COVID phishing scams, seasonal holiday phishing is out in full force. This means company networks are under attack more than ever.

As the number one delivery method for malware, viruses, spyware, and other types of cyberattacks, phishing is an issue that needs to be combated with a multi-layered strategy. This includes a combination of employee awareness training, IT security solutions, and email safeguards to reduce your risk of attack. One of the email safeguards that Tennessee and Kentucky businesses need to consider is email authentication. This helps prevent one of the main tactics used to fool users into thinking an email message is legitimate – email spoofing.

What is Email Spoofing?

Email spoofing is when a phishing scammer uses a trusted email domain in the sender area of a message. However, that person did not really send the message. For example, they often use a company’s own domain to trick an employee into believing a message is real. The user will look at the “From” address and see and they’ll automatically trust the message.

This also happens with messages from web hosts and other vendors. Their domain is spoofed to fool the recipient into taking action on the email, such as clicking a malicious link or opening a virus-laden file. One telltale sign that the sender’s email is not the real person that sent a message is if the IP address that is approved to send email for a particular domain is not the IP address that actually sent the message. But how do you know if there is a mismatch? That’s where email authentication comes in.

How Does Email Authentication Work?

Email authentication consists of protocols that are used on a mail server. These protocols check incoming messages for any signs of email spoofing. There are three key protocols that are used together, each one adding another layer of protection.

Sender Policy Framework (SPF)

SPF is the first layer of email authentication. What it does is allow you to designate which IP addresses can send email for your domain. Typically, a company will include their main mail server and then any other 3rdparty services that they send mail through, such as something like Mail Chimp or a CRM program. The SPF protocol is then used to match the authorized IP addresses for your domain against mail being sent with your domain in the “From” line of an email. If they match, the authentication passes, if not, the authentication fails.

DomainKeys Identified Mail (DKIM)

The next layer is DKIM. This authentication protocol goes a step farther by using two encryption keys. One that stays in a secure location only accessible by the domain owner. The other is sent with each message sent from that domain. The protocol is used to detect whether the header or other important information has been changed from the time the message was sent to when it was received. Then they check whether the two keys match as they should, which would indicate the message was authentic.

Domain-Based Message Authentication, Reporting & Conformance (DMARC)

The third protocol is DMARC and it brings the other two together. It checks both SPF and DKIM to see if they passed or failed. It can then be used to give instructions to the receiving mail server as to what to do with a message based upon whether it is properly authenticated or not. For example, a DMARC command could be:

  • Quarantine a message and flag it as not trusted if it doesn’t pass authentication
  • Reject any messages completely that fail authentication
  • Report back to the sending mail server of any failed messages

Using these three email protocols can help your business combat phishing that uses email spoofing. This helps you prevent attacks that try to trick your employees by sending phishing that looks like it’s from inside your company. Another benefit of adding email authentication is that it can help prevent your legitimate messages from being sent to junk folders because of another company’s email authentication. Many companies saw this problem happen earlier in 2020 when Microsoft 365 increased their phishing and email spoofing protections. Email authentication is a good email security policy because it adds additional confirmation about which servers are authorized to send email for your domain.

Get Help With Email Security & Phishing Safeguards

Copperband Technologies can help your Middle Tennessee or Southern Kentucky business with email security, such as email authentication, that will keep you protected from rising phishing attacks. Contact us today to schedule a consultation! Call 931.263.8000 or email us.