Why DKIM and DMARC are suddenly more important to the running of your business

Article by Sam Thompson in Security First Mindset on Apr 17, 2024

DKIM, DMARC and SPF explained

Email security is all about layers. We highlighted this in an article from last summer – a worthwhile read if you haven’t checked it out already. You’re likely familiar with some of the more well-known measures such as spam filters and phishing training, but there are other incredibly important features you need to know about. DKIM and DMARC, alongside SPF, are long-standing features but are only now being “enforced” more frequently. You’d be forgiven for not knowing what they mean or what they do, but that’s what we’ll cover in this article to get you clued up on why they’re so important to implement sooner rather than later.

Over 350 billion emails are sent every single day, making it the most popular method of communication across the world by far and highlighting how important it is to keep your business communications flowing and secure. As one of the most common attack vectors for cyber criminals, you want to ensure that your business is able to confirm the emails you receive are from genuine senders, and you need to ensure you are recognised as a genuine sender yourself. This is where DKIM, DMARC and SPF come in.

 

What are DKIM, DMARC and SPF?

DKIM DMARC Easy Explanations

SPF and DKIM prove that you are the genuine sender of an email. SPF is your Sender Policy Framework, which allows a domain to list all of the servers it sends emails from. Think of it a bit like a directory, like the Yellow Pages, where mail servers can look up someone’s email and confirm that they work for the organisation they say they do before allowing it through to the recipient’s inbox.

DKIM is a measure that acts as a digital signature, automatically “signing” every email sent from a domain to confirm legitimacy, much like you might sign a cheque to confirm it matches your card. This allows email providers such as Microsoft (Outlook) or Google (Gmail) to authenticate emails on behalf of the domain owners, and confirm they come from an authorised email server specified in the SPF records.

DMARC allows a receiver to say what happens to an email if SPF and DKIM records are not setup or are misaligned – think of DMARC as the bouncer at the door that doesn’t let someone in without seeing their ID and checking their bag. Don’t have ID? Looking shifty? Not getting in tonight mate.

 

Why do I need DKIM, DMARC and SPF?

You need to set these up to stay ahead of the curve. Whilst these measures are only recently being “enforced”, legitimate emails are already landing in spam filters or not reaching recipients at all due to misaligned SPF, DKIM and DMARC setups between senders and receivers. Those who have these protocols setup are protecting themselves from spoofing and phishing. Those who don’t are unable to send important communications to their clients, prospects, and suppliers.

 

Common issues

Most of us send emails via Outlook or maybe even Gmail, but many of us – especially in the marketing departments – also use third-party services that send emails for us, such as Mailchimp and HubSpot. If you do use services like these, make sure they’re setup correctly and are taking into account your sender credentials. Issues with these services have become apparent recently as they’re sometimes clashing with SPF, DKIM and DMARC records – the third-party nature of these services can make the measures suspicious that it’s not actually you sending emails! Don’t let all of your hard work on marketing go to waste.

As always, be careful making settings changes and ensure you follow the guidance of the third-party services you’re trying to setup or fix. If in doubt, speak to your IT support company who should be able to help. If they can’t, or you don’t have IT support already, make sure to give us a call.

Subscribe to our Bulletins





Free Download

Is IT a bottleneck to your company’s growth?

Discover how small business IT support can be a strong ally in making you more productive and competitive.

Download Ebook

bottlenecks