Office 365 Spoofing Protection - Is It Time to Start Using Email Authentication to Prevent Email Spoofing?

Are you finding that your business is constantly being targeted by phishing emails? Office 365 spoofing protection can help!

One of the business threats that has risen dramatically in 2020 is phishing. Phishing is such a big problem because it is used extensively to deliver malware, viruses, spyware, ransomware, and other malicious payloads.

94% of all malware is delivered via email.

A main ploy used in phishing emails to get the recipient to trust the message is email spoofing: another company’s email address is placed in the “From” line of the email, even though that company is not really who is sending the message.

For example, a recipient might look at the “From” line of an email they receive, see “info@telstra.com.au,” and not look more thoroughly at the email before clicking a malicious link. But the email is actually being sent by a phishing spammer from a completely different email domain.

Why You Should Worry About Email Spoofing, and How Can Office 365 Spoofing Protection Help?

When your company’s email domain is spoofed, the result can be data breaches or lost customers. Here are some reasons you should worry about your email being spoofed:

  • Employees can be fooled into thinking a phishing email is a legitimate internal email and click a malicious link, causing a data breach.
  • Your customers may receive phishing emails that use your domain address and blame you for them (even though your mail server didn’t send them).
  • Your domain’s reputation can be damaged, making it harder for your legitimate emails to get through.

Email spoofing has become such a problem that Microsoft has added features like spoof intelligence to the Microsoft 365 platform to help detect when the email domain shown in the “From” line of a message does not match the domain that actually sent it.

This added security has caused a few other problems for businesses, such as legitimate customer emails being sent to spam or quarantine folders because they were picked up by the spoof detection in the company’s Microsoft 365 account.

Likewise, companies can have their own emails blocked because administrators haven’t properly set up email authentication for a third-party service, such as Mailchimp or Salesforce.

Enacting email authentication can help reduce IT costs and protect your domain reputation.

Understanding Email Authentication Standards (SPF, DKIM, DMARC)

Why would a legitimate email that you’re having sent from your CRM get blocked as email spoofing?

Email spoofing detection looks for a match between the domain in the “From” line of an email and the domain or IP address that the email is actually sent from.

If they don’t match, the message can be treated as a case of email spoofing.

When a company hasn’t set up its mail server to approve a particular sender’s IP address (such as that of your CRM program), mail from that sender isn’t properly authenticated.

Phishing, the prevalent use of email spoofing, and the new spoofing protections are all reasons that now is the time to set up email authentication on your mail server.

This will:

  • Help prevent phishing attackers from spoofing your email domain
  • Allow you to know if someone is trying to spoof your domain
  • Get your emails delivered and keep them from being mistakenly tagged as spoofing

To set up email authentication you need to know about the three authentication protocols that are used. We’ll describe each below. It’s also important to know that these are best when used together (like three legs of a stool).

SPF (Sender Policy Framework)

SPF is the first, most basic step of email authentication. It checks the domain in the “From” line of an email against published information on which IP addresses are allowed to send email for that domain.

By setting up SPF, you can designate any third-party programs (like Mailchimp) as approved senders, so those messages won’t get blocked.

DKIM (DomainKeys Identified Mail)

The next step in ensuring email is being sent legitimately is DKIM. It uses a pair of keys to add a digital signature to the header of each outbound email.

One key stays on your mail server, and the other travels with the message. The incoming mail server matches them to ensure no information has been altered. The keys also help authenticate that the email is coming from you and not someone spoofing your domain.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

Once a receiving mail server goes through the authentication process, what should it do if a message doesn’t match? That’s where DMARC comes in.

This final step in email authentication first checks whether SPF and DKIM have passed, and then tells the receiving mail server what to do with the message.

For example, the policy may instruct the receiving server to send a message that doesn’t pass authentication to a quarantine folder.

DMARC can also request that the receiving mail server report back on the messages that pass and/or fail authentication. These reports are an important alert that can tell you when someone is spoofing your domain, or when you’ve forgotten to add one of your approved senders to your SPF record.
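As an added example (not code from the original article or from Microsoft), here is a simplified Python model of the receiving side described in the SPF and DMARC sections above: it evaluates the sending IP against the domain’s SPF record, including a third-party sender pulled in via an include: term the way a CRM or Mailchimp would be authorised, and then applies the DMARC policy, reproducing the “forgotten approved sender” case the article warns about. The DNS records are a constructed inline table, the DKIM verdict is taken as an input rather than verified, and SPF is evaluated against the envelope (Return-Path) domain while DMARC checks its alignment with the visible From domain.

```python
from ipaddress import ip_address, ip_network

DNS_TXT = {  # constructed stand-in for DNS TXT lookups; real code would query DNS for these names
    "example.com": "v=spf1 ip4:203.0.113.10 include:spf.crm.example -all",
    "spf.crm.example": "v=spf1 ip4:198.51.100.0/24 -all",  # the CRM vendor's own record
    "_dmarc.example.com": "v=DMARC1; p=quarantine; aspf=r; adkim=s; rua=mailto:dmarc@example.com",
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, depth=0):
    """Simplified SPF: walk the ip4/include/all terms and return the first match's result."""
    record = DNS_TXT.get(domain)
    if record is None:
        return "none"  # the domain publishes no SPF record at all
    if depth > 10 or not record.startswith("v=spf1"):
        return "permerror"
    ip = ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            matched = ip in ip_network(term[4:], strict=False)
        elif term.startswith("include:"):  # pull in a third-party sender's own record
            matched = check_spf(term[8:], sender_ip, depth + 1) == "pass"
        else:
            matched = term == "all"  # a/mx/ip6 terms are ignored in this simplified checker
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"

def aligned(from_domain, auth_domain, mode):
    """DMARC alignment: strict needs an exact match, relaxed only the same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    org = lambda d: ".".join(d.lower().split(".")[-2:])  # crude stand-in for the Public Suffix List
    return org(from_domain) == org(auth_domain)

def dmarc_evaluate(from_domain, sender_ip, envelope_domain, dkim_result="none", dkim_domain=""):
    """Run SPF, then DMARC; returns (spf_result, dmarc_result, action the receiver should take)."""
    spf_result = check_spf(envelope_domain, sender_ip)
    record = DNS_TXT.get("_dmarc." + from_domain)
    if record is None:
        return spf_result, "none", "none"  # no DMARC policy published: nothing to enforce
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    spf_ok = spf_result == "pass" and aligned(from_domain, envelope_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return spf_result, "pass", "none"
    return spf_result, "fail", tags.get("p", "none")
```

Mail from the CRM range (198.51.100.0/24) passes because of the include: term, while mail from a server that was never added to the record fails SPF and, with p=quarantine, is sent to quarantine exactly as the article describes.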

Need Help Setting Up Office 365 Spoofing Protection?

Protect your business reputation and prevent email delivery problems by working with our managed IT support team at Connected Platforms to have email authentication set up on your mail server.

Contact us today for a free consultation. Call 1300 866 096 or book a coffee meeting online.