This article is about securing email transmission and I mention multiple vendors. Proofpoint recently acquired Wombat Security Technologies that provide security awareness training for end users. knowbe4 is another excellent security awareness training provider and the Gartner leader in security awareness training.
None of the vendors I mention in this article can provide zero day vulnerabilities protection and I still think one of the best line of defences for any organisation is security awareness training for end users.
SPF The Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain. With SPF an organisation can publish authorized mail servers.
DKIM (Domain Keys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. This is done by giving the email a digital signature. This DKIM signature is a header that is added to the message and is secured with encryption.
DMARC : DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.
With the combination of SPF,DKIM and DMARC , these standards improve the reputation of an email like contoso.com. But most importantly they can help an organisation like contoso.com from being a victim of a phishing or an email spoofing campaign.
A lot of my enterprise customers and early adopters of Exchange Online chose not to use Exchange Online Protection because it quite simply wasn’t good enough at the time they moved to Exchange Online. Exchange Online Protection has really matured in the last number of years with some excellent features like:
- Office365 ATP
- Zero Hour Purge
- Automated Investigation and Response (AIR)
In my view the two best locations for technical guidance on configuring Exchange Online Protection
DKIM and DMARC should be configured on the last hop of email messages transmission.