Stop Spam in Its Tracks: Why Unauthenticated and Unauthorized Emails Are Unwelcome

Every day hackers make email security on the Internet worse and every day more organizations adopt strict requirements for DMARC – DKIM and SPF records. Now that major mailers (like Gmail and Microsoft) are starting to automatically junk messages that fail authorization and authentication checks more IT teams are becoming familiar with the concept of deliverability and adhering to all the mailing rules so you end up in Inbox.

For the most part, this is a quick task an IT person can address by updating the DNS records and creating entries for SPF and DKIM. In simple terms, SPF controls which organizations can send messages for your domain and DKIM uses public-key cryptography to sign messages as they leave your email server. Both have the same goal: block third parties from spoofing/faking your domain and pretending to send messages as you.

Please adopt SPF and DKIM for your domain. Instructions on how to do that are at https://www.exchangedefender.com/docs/dmarc

Unintended casualty: Mail-enabled contacts

One of the favorite legacy email features was giving individuals an email address on your domain but not creating an entire mailbox. This way you can have a Bill@YourDomain.com but messages are automatically forwarded to BillG2051@yahoo.com.

That is no longer possible. While your organization will accept the message and attempt to forward it to the recipient’s actual email address, their server will see the message coming from your email organization and rejecting/junking it immediately. This is because the sender has published an SPF/DKIM record that authorizes only their servers to send messages, and you attempting to forward it looks like a forgery to the recipient’s mailbox. Most of the time the message bounces back to the sender or simply errors out.