The importance of having DKIM, DMARC and SPF on your domain - correctly configured
Having your emails spoofed means others are sending emails that look as though they are from you. To avoid this, there are new and specific things you need to do: implementing DKIM, DMARC and SPF records on your domain. If you are reading this, it will be because your domain either has these missing or they are not configured correctly.
The short version is that without all 3 in place (DKIM, DMARC and SPF on your domain), anyone can spoof your emails. This means that hackers can send emails that appear to come from you. This is known as 'spoofing'.
Tricking the receiver into believing these are genuine emails sent from you makes them more likely to hand over personal information or reveal sensitive information to the hacker who is pretending to be 'you'.
If this does occur, the law states that you must write to all your customers, telling them you have been hacked and to ignore any emails sent with a particular subject or between certain times. This is a legal obligation intended to stop the knock-on effect of hackers, so that others can change their passwords, stop credit cards, etc.
It also leads to reputational damage for you, with people losing confidence in trusting you with their business or data in future.
Implementing DKIM, DMARC and SPF on your domain stops spoofing, as the combination of all 3 means that various checks are carried out before emails are allowed to be delivered. However, this topic became a little more complex in 2024. Having all 3 implemented used to be enough, but earlier in 2024, in a ramp-up of the fight against hackers, Yahoo and Google led the way by enforcing these more strictly, with other providers like Microsoft joining them later in 2024. Read more on this here:
https://www.valimail.com/blog/microsoft-email-authentication-requirements/
As a result of their increased security measures, it is no longer enough to have all 3 in place. They have to be integrated, with a stricter policy in place which will both check and cross-reference various items to verify, to a new higher level, that the email is actually from you!
The outcome of this is twofold:
Implemented correctly, it becomes almost impossible to spoof emails.
Configured incorrectly, your emails will go to people's spam folder!
Thus, getting DKIM, DMARC and SPF configured correctly and implemented with an acceptable policy is a new, very important and specialist job.
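As an added illustration (not our own tooling), this Python sketch checks a domain's three TXT records for the misconfigurations described above: a missing record, an SPF record that passes every sender, a revoked DKIM key, and a DMARC policy that is not enforced or has no reporting address. The domains, the selector name sel1 and all record values are constructed sample data, and the helper names are hypothetical.

```python
# Added example: audits constructed TXT records offline; no DNS queries are made.
def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC or DKIM) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def records(txt, name, prefix):
    # TXT records published at `name` that start with `prefix` (case-insensitive)
    return [r for r in txt.get(name, []) if r.lower().startswith(prefix)]

def audit(domain, txt, selector):
    """Return a list of findings; an empty list means none of these checks failed."""
    findings = []
    spf = records(txt, domain, "v=spf1")
    if len(spf) != 1:
        findings.append(f"SPF: expected exactly one record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        if not any(t.startswith("redirect=") for t in terms):
            all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
            if not all_terms:
                findings.append("SPF: no 'all' mechanism for unlisted senders")
            elif all_terms[0][0] not in "-~":  # bare 'all' means '+all'
                findings.append(f"SPF: '{all_terms[0]}' does not fail unlisted senders")
    # The v= tag is optional in DKIM key records, so accept any record at the name.
    dkim = records(txt, f"{selector}._domainkey.{domain}", "")
    if not dkim:
        findings.append(f"DKIM: no key published for selector '{selector}'")
    elif not parse_tags(dkim[0]).get("p"):
        findings.append("DKIM: empty p= tag, the key is revoked")
    dmarc = records(txt, f"_dmarc.{domain}", "v=dmarc1")
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly one record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() not in ("quarantine", "reject"):
            findings.append("DMARC: policy is not quarantine or reject")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address for aggregate reports")
    return findings

ZONE = {  # constructed sample records, not taken from any real domain
    "good.example": ["v=spf1 include:_spf.mailhost.example -all"],
    "sel1._domainkey.good.example": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY"],
    "_dmarc.good.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@good.example"],
    "weak.example": ["v=spf1 include:_spf.mailhost.example +all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for d in ("good.example", "weak.example"):
        print(d, audit(d, ZONE, "sel1") or "no findings")
```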
WHY HAS THIS NOT BEEN DONE PREVIOUSLY?
It is a relatively new level of security, with only Yahoo and Google starting to enforce this earlier in 2024. Over the next 12 months we expect other providers to follow suit as the fight against hackers intensifies, with Microsoft having recently joined in the fight (see above article link).
ARE DKIM & DMARC COMPLICATED TO IMPLEMENT?
Yes. It is very complex, and it involves setting up reporting on emails too, so it can take a few hours to fully implement. If it is not done correctly, it could end up with a non-working email system. It may require testing and analysis of reports, so expect a 1-2 hour task per domain name.
CONCLUSION ABOUT DMARC & DKIM
Times have changed, and implementing DMARC & DKIM on your email system to the new higher security level is now a recognised, vital component of a robust email security strategy. With the escalating threat landscape surrounding email spoofing, security-conscious organisations are taking proactive steps to protect themselves by implementing DMARC & DKIM as part of their layered security approach.
NEXT STEPS
We strongly recommend you take this preventative measure to avoid being exploited by hackers and spoofers. All we need is access to your email system backend and your domain's host provider (the place where you renew your domain name), which we may already have.