Why do I need DMARC & DKIM?

If you are looking to get or renew cyber insurance, your insurance company will probably run an external IT audit and give you a score which will determine how ‘risky’ you are to insure. They make this report available to you so you can see where you can improve. We are consistently seeing missing DMARC and DKIM DNS zone records flagged on insurance reports, which means your score will be lower than it could be. Implementing these items can improve your email security posture, so what is all this about?

[Image: part of a genuine report showing high risk and why]

WHAT IS DMARC & DKIM
DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance) are an additional, higher level of security applied between your domain name and email system, and their goal is to mitigate email fraud. For example, they can stop email spoofing (someone else sending out emails, pretending to be you, from your domain name).

WHY WOULD I USE DMARC & DKIM
Cybercriminals are constantly devising new methods to exploit vulnerabilities and launch phishing attacks, making email security a paramount concern. DMARC & DKIM are tools to further protect against this, which makes implementing them a vital component of a robust email security strategy.

COMMON ISSUES REPORTED IF YOU DO NOT USE DMARC & DKIM
Without implementing DKIM & DMARC, you may suffer email receiving or sending issues (normally with companies that do use them!). For example, you may report email issues when the real cause is that your emails are being checked more rigorously by companies that do use DKIM & DMARC. This can lead to your emails being rejected, bounced or sent to spam folders, which can have a dramatic knock-on effect, with potentially missed business or deadlines.

[Image: a genuine insurance report highlighting the risk]

DOES EVERYONE USE DMARC & DKIM
No. It is an optional extra and was previously not required or enforced, but due to continuous worldwide hacking, spoofing, identity theft and cyber attacks, it is now becoming 'the norm'.

WHAT HAPPENS AFTER IMPLEMENTING DMARC & DKIM
Implementing the additional security measures of DMARC and DKIM on your email system has positive effects such as preventing email spoofing, ensuring better email deliverability, raising email security levels and protecting brand reputation.

The negative effects are that it can block emails coming in from other companies that don't implement the same very high email security standards, which could be annoying if you are expecting an email but don’t receive it! Additionally, it can stop services you use, such as scan-to-email on a printer or the contact us page on your website, as these could now be deemed insecure, but this is all fixable.

IS DKIM & DMARC COMPLICATED TO IMPLEMENT
Yes. It is very complex, and it also involves setting up reporting on emails, so it can take a few hours to fully implement. If it is not done correctly, you could end up with a non-working email system.
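
The kind of check an external audit makes on a domain's DMARC record, as an added example that is not part of the original article: it parses the TXT records found at `_dmarc.<domain>` and reports a missing record, a monitor-only policy, absent reporting, or a partially applied policy. The function names, finding labels and sample records (with the placeholder domain example.com) are constructed for illustration; the tags `v`, `p`, `rua` and `pct` are standard DMARC tags.

```python
import re

def parse_dmarc(txt):
    """Parse one TXT record into a dict of DMARC tags, or None if it is not DMARC."""
    parts = [p.strip() for p in txt.strip().split(";") if p.strip()]
    # A DMARC record must start with the version tag (matched leniently, ignoring case).
    if not parts or re.sub(r"\s+", "", parts[0]).lower() != "v=dmarc1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt_records):
    """Return findings for the TXT records published at _dmarc.<domain>."""
    records = [t for t in (parse_dmarc(r) for r in txt_records) if t is not None]
    if not records:
        return ["missing: no DMARC record published"]
    if len(records) > 1:
        return ["invalid: more than one DMARC record, receivers apply none of them"]
    tags, findings = records[0], []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("invalid: p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("weak: p=none only monitors, spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("no-reporting: no rua= address, aggregate reports are not collected")
    pct = tags.get("pct", "100")
    if policy in ("quarantine", "reject") and pct.isdigit() and int(pct) < 100:
        findings.append(f"partial: policy applies to only {pct}% of failing mail")
    return findings

# Constructed sample TXT record sets (not real data; example.com is a placeholder).
SAMPLES = {
    "no record": ["site-verification=constructed-placeholder"],
    "monitor only": ["v=DMARC1; p=none"],
    "staged": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com"],
    "enforced": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    for label, txt in SAMPLES.items():
        print(label, "->", audit_dmarc(txt) or ["ok"])
```

The "monitor only" and "staged" samples are typical intermediate steps: reporting is collected and reviewed first so that services such as scan-to-email or a website contact form can be fixed before the policy is tightened to full enforcement.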

CONCLUSION ABOUT DMARC & DKIM
Times have changed, and implementing DMARC & DKIM on your email system is now a recognised, vital component of a robust email security strategy. Traditionally, DMARC & DKIM have been optional extras when setting up email systems and were not routinely implemented. But due to new and sophisticated email-based hacking and spoofing attacks, it is expected to become a requirement from many insurance companies to lower your risk. With the escalating threat landscape surrounding email security, security-conscious organisations are taking proactive steps to protect themselves by implementing DMARC & DKIM as part of their overall layered security posture.
