Friday, August 31, 2018

Increasing the security on my professional email

In 2016, I decided to stop using my personal emails for professional communication (e.g., I changed my personal emails and made sure they remain strictly confidential and shared only with close friends and family.

My professional email now ends with and is managed by me. This gives me total control over all the configuration and settings, and it is not accessible through a login page. Here are the security settings I use:

DKIM - DomainKeys Identified Mail

According to Zoho, "DKIM is an authentication method, which uses encryption with public/ private keys, to validate whether the emails are generated from the authorised servers, recognized and configured by the administrators of the sending domains."

This prevents email spoofing and email backscatter. With DKIM, a public key is published as a TXT record in my domain's DNS, which is managed by Cloudflare. Every outgoing email carries a distinct signature generated with the private key for my domain, and the receiving email server verifies that signature against the published public key to validate the email's source. If verification fails, the recipient server may reject the email or classify it as spam/forged, depending on how that server is configured.

SPF - Sender Policy Framework

According to Zoho, "Sender Policy Framework/ SPF is an Email validation system, to find out spoofed/ forged emails using a specific SPF record published for the domain with the details of hosts, that are permitted by the domain's administrators."

The SPF record is likewise published as a TXT record in my domain's DNS and lists the mail servers that are permitted to send email for the domain. Its main purpose is to help receiving servers identify spam sent under my domain name with a spoofed/forged From address.

Now, I have recently added DMARC:

DMARC - Domain-based Message Authentication, Reporting and Conformance

According to Wikipedia, "Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email-validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organizations. Specified in RFC 7489, DMARC counters the illegitimate usage of the exact domain name in the From: field of email message headers."

This is really great because it stops others from forging the 'From:' field of the email message headers. DMARC can also produce two separate types of reports, which let me find out who is trying to send forged emails on my behalf.
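To make the three records above concrete, here is an added Python example (not code from this post, and not Zoho's or Cloudflare's) that audits the SPF, DKIM and DMARC TXT records of a domain for the misconfigurations that weaken them: an SPF record ending in `+all`, a DKIM key shorter than 2048 bits, and a DMARC policy of `p=none` or with no `rua=` reporting address. DNS lookups are replaced by the constructed `FAKE_DNS` table so it runs offline; the domains `example.com` and `weak.example`, the selectors `zmail` and `short`, the `include:zoho.com` mechanism and the RSA key material are all made-up sample values.

```python
"""Offline sanity check of the SPF, DKIM and DMARC TXT records described above.

Added example, not code from the post, Zoho or Cloudflare.  DNS lookups are
replaced by the constructed FAKE_DNS table; all names and keys are made up.
"""
import base64


def _der(tag, content):
    """Minimal DER TLV encoder, used only to build the constructed DKIM keys."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _der_int(value):
    b = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:          # leading zero keeps the INTEGER positive
        b = b"\x00" + b
    return _der(0x02, b)


def fake_rsa_spki(bits):
    """SubjectPublicKeyInfo around a made-up RSA modulus of `bits` bits (not a real key)."""
    rsa_alg = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
    key = _der(0x30, _der_int((1 << (bits - 1)) | 1) + _der_int(65537))
    return _der(0x30, rsa_alg + _der(0x03, b"\x00" + key))


# Constructed stand-in for DNS: record name -> TXT value.
FAKE_DNS = {
    "example.com": "v=spf1 include:zoho.com ~all",
    "zmail._domainkey.example.com":
        "v=DKIM1; k=rsa; p=" + base64.b64encode(fake_rsa_spki(2048)).decode(),
    "_dmarc.example.com":
        "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com; ruf=mailto:dmarc-ruf@example.com",
    "weak.example": "v=spf1 ip4:203.0.113.0/24 +all",
    "short._domainkey.weak.example":
        "v=DKIM1; k=rsa; p=" + base64.b64encode(fake_rsa_spki(1024)).decode(),
    "_dmarc.weak.example": "v=DMARC1; p=none",
}


def parse_tags(record):
    """'v=DKIM1; k=rsa; p=MIIB...' -> {'v': 'DKIM1', 'k': 'rsa', 'p': 'MIIB...'}"""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def _der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_key_bits(p_tag):
    """Modulus size of the RSA key in a DKIM p= value (base64 SubjectPublicKeyInfo)."""
    _, spki, _ = _der_read(base64.b64decode(p_tag))   # SEQUENCE { alg, BIT STRING }
    _, _, after_alg = _der_read(spki)                  # skip AlgorithmIdentifier
    _, bitstring, _ = _der_read(spki, after_alg)       # first byte = unused-bit count
    _, rsakey, _ = _der_read(bitstring[1:])            # SEQUENCE { n, e }
    _, modulus, _ = _der_read(rsakey)
    return int.from_bytes(modulus, "big").bit_length()


def audit_domain(domain, dkim_selector):
    """Return a list of findings; an empty list means the three records look sane."""
    findings = []
    spf = FAKE_DNS.get(domain)
    terms = spf.split() if spf else []
    if not terms or terms[0] != "v=spf1":
        findings.append("SPF: no v=spf1 record")
    elif "+all" in terms or terms[-1] == "all":
        findings.append("SPF: '+all' lets any host send as this domain")
    elif terms[-1] not in ("-all", "~all"):
        findings.append("SPF: record does not end with -all or ~all")
    dkim = FAKE_DNS.get(f"{dkim_selector}._domainkey.{domain}")
    if not dkim:
        findings.append(f"DKIM: no key published at selector '{dkim_selector}'")
    else:
        tags = parse_tags(dkim)
        if not tags.get("p"):
            findings.append("DKIM: empty p= tag, key has been revoked")
        elif tags.get("k", "rsa") == "rsa":
            bits = rsa_key_bits(tags["p"])
            if bits < 2048:
                findings.append(f"DKIM: RSA key is only {bits} bits")
    dmarc = FAKE_DNS.get(f"_dmarc.{domain}")
    if not dmarc:
        findings.append("DMARC: no _dmarc record")
    else:
        tags = parse_tags(dmarc)
        if tags.get("p") not in ("quarantine", "reject"):
            findings.append(f"DMARC: p={tags.get('p')} only monitors, it never blocks forgeries")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, so no aggregate reports arrive")
    return findings


if __name__ == "__main__":
    for domain, selector in (("example.com", "zmail"), ("weak.example", "short")):
        print(domain, audit_domain(domain, selector) or ["OK"])
```

Against a live domain you would swap `FAKE_DNS.get` for a real TXT lookup; everything else, including the DER walk that recovers the modulus size from the `p=` tag, works unchanged on real records.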

Here are the rows of a DMARC aggregate report, shown in tabular form:
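The rows in such a table come from the XML aggregate report that receivers mail to the `rua=` address. The following added Python example (not the post's own code) parses a constructed report in the RFC 7489 Appendix C layout into those rows and totals up which messages passed. The reporting organisation `receiver.example`, the source IPs, the counts and the `bulk-sender.example` domain are made-up sample values; real reports arrive as a zip or gzip attachment that must be decompressed first.

```python
"""Turn a DMARC aggregate (rua) report into per-source rows and a pass/fail summary.

Added example, not the post's own code.  SAMPLE_REPORT is a constructed report;
the organisation, IPs, counts and domains in it are made up.
"""
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1535673600</begin><end>1535760000</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>reject</p><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>203.0.113.10</source_ip>
      <count>42</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><selector>zmail</selector><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip>
      <count>5</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>bulk-sender.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text):
    """Flatten each <record> into one row; policy_evaluated holds the aligned results."""
    root = ET.fromstring(xml_text)
    published = root.find("policy_published")
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "disposition": evaluated.findtext("disposition"),
            "dkim": evaluated.findtext("dkim"),           # aligned DKIM result
            "spf": evaluated.findtext("spf"),             # aligned SPF result
            "raw_spf_domain": rec.findtext("auth_results/spf/domain"),
            "dkim_selector": rec.findtext("auth_results/dkim/selector"),
        })
    return {"org": root.findtext("report_metadata/org_name"),
            "domain": published.findtext("domain"),
            "policy": published.findtext("p"), "rows": rows}


def summarize(report):
    """A message passes DMARC when either aligned DKIM or aligned SPF passed."""
    passed = sum(r["count"] for r in report["rows"] if "pass" in (r["dkim"], r["spf"]))
    total = sum(r["count"] for r in report["rows"])
    suspects = sorted({r["source_ip"] for r in report["rows"]
                       if "pass" not in (r["dkim"], r["spf"])})
    return {"passed": passed, "failed": total - passed, "suspect_sources": suspects}


def format_table(report):
    """Render the rows the way the post's table shows them."""
    header = f"{'source_ip':<16}{'count':>6}  {'disposition':<12}{'dkim':<6}{'spf':<6}selector"
    lines = [header, "-" * len(header)]
    for r in report["rows"]:
        lines.append(f"{r['source_ip']:<16}{r['count']:>6}  {r['disposition']:<12}"
                     f"{r['dkim']:<6}{r['spf']:<6}{r['dkim_selector'] or '-'}")
    return "\n".join(lines)


if __name__ == "__main__":
    rpt = parse_aggregate_report(SAMPLE_REPORT)
    print(f"{rpt['org']} reporting on {rpt['domain']} (p={rpt['policy']})")
    print(format_table(rpt))
    print(summarize(rpt))
```

The second record is the instructive one: the raw `auth_results` show SPF passing for `bulk-sender.example`, but because that domain is not aligned with the `header_from` of `example.com`, `policy_evaluated` records both SPF and DKIM as `fail` and the receiver applied the published `p=reject`. That is exactly the distinction that tells you whether a source is a forgotten legitimate sender or someone forging your domain.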


