New email authentication policies in focus

New guidelines for email authentication using SPF, DKIM and DMARC have been in effect since February. These are intended to protect not only against spam, but also against spoofing. If your configuration does not comply with the new guidelines, you risk having your emails not delivered, being marked as spam, or someone unauthorizedly impersonating you or your company.

If you are affected by this change, you may be asking yourself: What do I need to adjust?

Am I affected?
What do I have to adjust?
What is Spoofing?

Am i affected?

You can easily check this using a free tool. To do this, use the SPF lookup and specify your domain (e.g., example.com). If you do not want to appear in the list of recently carried out checks, also activate the checkbox – specifying the IP address is not absolutely necessary.

If after checking it does not say “SPF check passed”, it is advisable to take appropriate action. Otherwise, you don’t seem to be affected by this issue.

What do I have to adjust?

While this can be done quickly, you still need to be careful to make sure you don’t change anything wrong.

Go to your website’s hosting admin area and open DNS settings.

DKIM

DKIM signing
1. This can vary depending on the provider. Edit your domain and activate “DKIM signing” and wait until the change is applied.

SPF

Add a new DNS record.

SPF
1. The name remains empty.
2. Type: TXT (SPF)
3. Data: v=spf1 mx a -all

Tag	Values
mx	MX record of the queried or explicitly specified domain
a	A/AAAA record of the queried or explicitly specified domain
–	unauthorized senders, therefore the email will be rejected

DMARC

Add a new DNS record.

DMARC
1. Name: _dmarc
2. Type: TXT (DMARC)
3. Data: v=DMARC1; p=reject; adkim=s; aspf=r

Replace with an email address to which the full report should be sent if something goes wrong.

Tag	Values
p	none (no action), reject (the relevant email will be rejected)
ruf	Comma-separated list of email addresses to which a detailed report of email messages that failed DMARC evaluation should be sent
adkim	s (strict mode) – Domain from DKIM signature and the domain from the FROM of the email header must match, r (relaxed mode) – it can also be a subdomain be used
aspf	s (strict mode) -Domains from the FROM of the email header and the so-called SMTP envelope must match, r (relaxed mode) – it can also be a subdomain be used

Then check again with the SPF lookup whether the changes were successful.

What is Spoofing?

The term spoofing refers to an attack technique in which cybercriminals break into computers or networks by impersonating a trustworthy identity. You’ve probably already received an email like this: a supposed notification that a package is stuck somewhere. To check the status, you are asked to click on a link from the supposed delivery person. There is a high probability that sensitive data will be disclosed. Criminals use this information to gain access to your personal account. By taking the above measures you will strengthen your protection against spoofing and reduce the risk of an email from you being marked as spam.