Email is a bane of existence. The pain and suffering involved in running an email server does not improve character. Fortunately, a recipe has eventually been concocted which suits reality.
TLS
Transport Layer Security is the encryption for the connection between the email reading device and the email server on the internet. If you have TLS you can sit in a busy airport or cafe and work using their wifi secure in the knowledge that someone else isn’t intercepting your exchanges. TLS has replaced SSL.
SPF
Sender Policy Framework prevents spammers from faking emails by listing the servers which can send your email. If the email doesn’t originate from the correct server it fails the test.
DKIM
DomainKeys Identified Mail is an email authentication method designed to detect email spoofing. It allows the receiver to check that a domain associates its name with an email message by affixing a digital signature. Verification is carried out using the signer’s public key published in the DNS. A valid signature guarantees that the email has not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message’s authors and recipients. In that respect, DKIM differs from end-to-end digital signatures.
DMARC
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system designed to detect and prevent email spoofing. It provides a mechanism which allows a receiving organization to check that incoming mail from a domain is authorized by that domain’s administrators and that the email (including attachments) has not been modified during transport. It is thus intended to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organizations.
DMARC is built on top of two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows the administrative owner of a domain to publish a policy on which mechanism (DKIM, SPF or both) is employed when sending email from that domain and how the receiver should deal with failures. Additionally, it provides a reporting mechanism of actions performed under those policies. It thus coordinates the results of DKIM and SPF and specifies under which circumstances the From: header field, which is often visible to end users, should be considered legitimate.
Strict Enforcement
All of the above are optional and all can be enforced to a greater or lesser degree. Email is the core of any business, and protecting it is essential. Preventing an email from being faked or altered is critical. Competence implements all of the above protocols and enforces strict compliance. This means that if any email doesn’t pass the tests, it is rejected by any DMARC-compliant mail server. This belt and braces approach drastically reduces the chances of your email being blacklisted or spam filtered. By complying with all standards, the Ham index (Ham is not Spam) for your emails is greatly increased.
Should someone decide to appropriate your email, the servers which relay email will automatically delete their fraudulent emails, preventing delivery and locating the faker.