Prevent Email Spoofing utilizing DMARC
Best Technique to Prevent Email Spoofing
Email is the key to your customer communication strategy. But, what is your email reputation?
Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender address, which most users take at face value.
To prevent email spoofing, setting up and managing your DMARC (Domain-based Message Authentication, Reporting, and Conformance) configuration is the key to getting insight into your email delivery.
DMARC is a mechanism that ties SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) together to help domain owners prevent email spoofing by telling receiving mail servers how to handle mail that claims to come from your domain that did not align with your SPF or DKIM records specifications.
The way this works, the sending organization (your mail server) publishes a DMARC record to DNS (Domain Name System) that explains what to do with emails that fail (SPF or DKIM) or are questionable by either rejecting or quarantining the email. An added benefit of DMARC is that you can set it to receive reports from the recipient server that tell you exactly how your domain is being used. These reports are labeled forensic reports and aggregate reports.
Lock your domain down and ensure only authorized servers are sending mail on behalf of your domain by following these steps:
NOTE: SPF and DKIM are automatically setup on your cPanel when you add a domain or subdomain so we will only focus on DMARC setup here.
So let’s begin the setup to prevent email spoofing:
- On the next screen select the appropriate policy settings you wish your server to perform when an email that fails to meet SPF and DKIM records specifications (likely a spoofed email). Personally I want to reject all failed emails. Here you can also select “NONE” if you wish to only get the reports to see how emails sent in your domain’s name are behaving. Note that if you have other servers sending emails in your domain’s name (i.e. MailerLite) and are not listed in your SPF records, chances are that you will be blocking them from being delivered to the intended mailbox if you select to reject or quarantine those email. So monitoring the traffic beforehand for some time by selecting “NONE” may be a valuable decision.
- Ensure you are picking the domain you’re working with (if you have more than one in your list) then click Manage.
- Now look for an entry that starts out with _dmarc.yourdomain.com and in this section you’ll find all the options available for this DMARC policy. Ensure you also include your email address(s) for Aggregate and Failure Reports to be sent to you on a regular basis.
- Last thing is to hit the Save Record button and the process will be complete.
To check your setup visit https://dmarcly.com/tools/dmarc-checker, enter your domain name and hit the “Check DMARC Record” button.
Reports will be sent to your email in a .gz (zipped) format which if you unzip you will have an XML file format that can be easily viewed in Excel or utilizing a site like https://dmarcadvisor.com/dmarc-analyzer.
Alright! You have successfully secured your emails from future spoofing utilizing the DMARC policy setup. Hope you made it to the end without any problems but if you need any help setting up your server to prevent email spoofing, don’t hesitate to reach out and I’ll be happy to help out! 🙂
Perhaps you have several domains and wish to receive the DMARC reports at a single email from a specific domain. For example, you have Domain1.com, Domain2.com, Domain3.com and you want all 3 domains to send the reports to reports@Domain1.com. So in this case setup the DMARC as shown above and include reports@Domain1.com as an email on all domain records. HOWEVER, in order for this to work we’ll also have to setup an EDV (External Destination Verification) on Domain1.com. So here’s how you do this.
Go to Domain1.com cPanel and setup a separate record in your Zone Editor as follows:
Obviously in the example above you substitute domain1.com for the domain you wish to accept the DMARC reports. The * indicates that any domain is allowed to send DMARC reports to domain1.com. And that should do it!
Well if this was useful or simply too much to follow let me know in a comment below. You can always click here and I’ll be happy to give you a helping hand. 🙂
Leave a Reply