DMARC, DKIM, SPF Record – Improve Email Security


If you want to improve your spam score, increase email deliverability, stop ending up in junk folders, and reduce phishing and impersonation emails from your domain, DMARC, DKIM and SPF records can help. As a managed IT services provider in Toronto, we find it a little shocking how many IT providers don’t understand or apply these domain security controls for their clients.

In July 2023 Microsoft pushed DMARC as standard. In Feb 2024, Google, Yahoo and others announced these email security controls are now required. This is great news for everyone, because all our communications will be a little safer. Read on for an overview of these simple technical changes we can make for you to improve your domain security, email security, and reduce email impersonation and other email security threats. 

You can use your Sender Policy Framework, DKIM and DMARC tools in tandem to reduce phishing emails, reduce impersonation emails, reduce domain spoofing, and protect your business. You will want to set them up in that order as well, with SPF first, then DKIM, and lastly DMARC, as it requires the other two to already be in place. 

To dive into a DIY setup in Microsoft 365 on your own, you can follow this Microsoft guide.

Or keep scrolling to learn about these tools. If you would like help setting them up, we are based in Toronto, ON and can serve you remotely across Canada. Reach out. Now let’s dive in.

Your Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an anti-spam approach whereby the email sender’s domain is scored for threat risk.

For example, when you set up your SPF record, you (or your IT provider) specify which servers are authorized to send mail on your behalf, using your domain and the business email addresses at that domain.

If a mail server sends an email and that server is not part of the SPF record, the message is rejected. This protects your domain and others from receiving spam forged to look like it is coming from your organization.

You have likely received a phishing email at some time which appeared to be from one organization, but in fact was a spoofed email from a malicious sender. These emails are utilizing Sender Address Forgery, and this is exactly what a DNS SPF record fights against.

So, your email may end up in spam folders because your personal computer or free webmail is not part of the recipient’s SPF record, and it is rejected.

Solution: Create an SPF record for your domain. Most users will require the help of their IT support person to accomplish this.

DKIM – Domain Keys Identified Mail

DKIM signatures authenticate emails by adding a predefined header to each email message. The header is protected by encryption at the mail server level and is used to verify that the email is authorized by the sending domain.

When the email is received, the recipient’s incoming email server checks the DKIM signature to confirm that a message was in fact sent from the authorized domain.

DKIM records help improve the deliverability of your outgoing emails by authenticating you and your domain as trusted senders.

DMARC – Domain-based Message Authentication, Reporting and Conformance

You can think of DMARC as an attestation that your Sender Policy Framework and DKIM records are legitimate.

DMARC is an email validation tool that protects your domain and email addresses from being used in email phishing and spoofing campaigns, which in turn protects your domain security.

DMARC builds on SPF and DKIM and adds reporting functionality that gives you insight into who is sending email on your behalf. Publishing a DMARC record in your DNS will give you visibility into and control over your email communications.

This in-depth explanation of DMARC is perfect for more technical readers. For business owners, your key takeaway is to ensure you have domain protection tools such as SPF, DMARC and DKIM in place.
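To check what a domain currently publishes, the following added example (not part of the original article, and not Microsoft's or Google's tooling) audits the three TXT records offline in the same SPF, DKIM, DMARC order. The function names, the example.com records and the placeholder DKIM key are assumptions made for illustration; include:spf.protection.outlook.com is the SPF include Microsoft 365 documents for its tenants.

```python
# Added example. Records are constructed for the placeholder domain example.com.
SAMPLE = {
    "spf": "v=spf1 include:spf.protection.outlook.com ip4:203.0.113.10 ~all",
    "dkim": "v=DKIM1; k=rsa; p=CONSTRUCTED-PLACEHOLDER-KEY",
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
}
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists")  # each costs a DNS lookup

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record missing or not starting with v=spf1"]
    findings = []
    all_term = next((t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"), "")
    if all_term[:1] not in ("-", "~"):
        findings.append("SPF: no -all or ~all, so unlisted servers are not failed")
    names = [t.lstrip("+-~?").lower().split(":")[0].split("/")[0] for t in terms[1:]]
    lookups = sum(n in LOOKUP_TERMS or n.startswith("redirect=") for n in names)
    if lookups > 10:  # SPF evaluation stops with an error past 10 such terms
        findings.append(f"SPF: {lookups} DNS lookups exceeds the limit of 10")
    return findings

def audit_dkim(record):
    key = parse_tags(record).get("p")  # None: no key record; "": key revoked
    return [] if key else ["DKIM: no usable public key (p=) for this selector"]

def audit_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: record missing or not starting with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or '?'} does not request quarantine or reject")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings

def audit_domain(records):
    """Audit in the article's setup order: SPF, then DKIM, then DMARC."""
    checks = (("spf", audit_spf), ("dkim", audit_dkim), ("dmarc", audit_dmarc))
    return [f for name, check in checks for f in check(records.get(name, ""))]

if __name__ == "__main__": print("\n".join(audit_domain(SAMPLE)))
```

The sample domain passes the SPF and DKIM checks but is flagged for p=none, which is a common state for a domain that has published DMARC for reporting only.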

More Email Security Tips

This is by no means an exhaustive list of the spam reduction or email security tools you can use to protect your organization; however, it gives you an overview of some important, effective action items you can tackle today.

TUCU Managed IT Services in Toronto has been helping small businesses and nonprofits since 2003. We are Certified Google Cloud and Microsoft 365 partners and would be happy to help you with your email security and business protection needs. Please reach out to schedule a free phone consultation today.
