SPF, DKIM & DMARC for Message Hygiene Services

This article is about securing email transmission and I mention multiple vendors. Proofpoint recently acquired Wombat Security Technologies, which provides security awareness training for end users. KnowBe4 is another excellent security awareness training provider and the Gartner leader in security awareness training.

None of the vendors I mention in this article can provide protection against zero-day vulnerabilities, and I still think one of the best lines of defence for any organisation is security awareness training for end users.

SPF: The Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain. With SPF an organisation can publish the mail servers that are authorized to send email for its domain.
Ref: https://www.dmarcanalyzer.com/spf/

DKIM: DomainKeys Identified Mail (DKIM) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. This is done by giving the email a digital signature. This DKIM signature is a header that is added to the message and is secured with public-key cryptography.
Ref: https://www.dmarcanalyzer.com/dkim/

DMARC: DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.
Ref: https://dmarc.org/

Combined, SPF, DKIM and DMARC improve the reputation of an email domain like contoso.com. Most importantly, they can help protect an organisation like contoso.com from being a victim of a phishing or email spoofing campaign.

A lot of my enterprise customers and early adopters of Exchange Online chose not to use Exchange Online Protection because it quite simply wasn’t good enough at the time they moved to Exchange Online. Exchange Online Protection has really matured in the last number of years with some excellent features like:

  • Office 365 ATP
  • Zero Hour Purge
  • Automated Investigation and Response (AIR)

In my view the two best locations for technical guidance on configuring Exchange Online Protection are:

  1. https://office365itpros.com/
  2. https://www-undocumented--features-com.cdn.ampproject.org/c/s/www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/?amp

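DKIM and DMARC should be configured on the last hop of email message transmission. A DKIM signature added at an earlier hop can be invalidated if a later hop modifies the signed headers or body.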

Microsoft have documented how to configure DKIM for Exchange Online HERE
Microsoft have documented how to configure DMARC for Exchange Online HERE

Symantec Email Security Cloud DKIM
Symantec Email Security Cloud DMARC

Mimecast DKIM
Mimecast DMARC

Proofpoint DKIM
Proofpoint DMARC
Note: DMARC is not supported on Proofpoint Essentials.

Cisco Cloud Email Security DKIM
Cisco Cloud Email Security DMARC

Forcepoint Email Security DKIM
Forcepoint Email Security DMARC