
Email authentication technology is a key defense that makes it much harder for scammers to send phishing emails that appear to come from your company. This technology ensures that the receiving server can verify whether an email is truly from your business, helping to block emails from imposters. Suspicious emails might be rejected, quarantined, or flagged, and you’ll receive a notification.
What to KNOW
Many web hosting providers allow you to set up business email addresses using your domain name (for example, yourbusiness.com). Without email authentication, scammers can use your domain name to send emails that look like they come from your company. If your email is connected to your domain, you’ll want to ensure your email provider uses three essential authentication tools:
1. Sender Policy Framework (SPF)
- SPF lets receiving servers check whether an email is sent from an authorized server for your domain. When you send an email, the receiving server compares the sender’s server to a list of approved servers. If they match, the email is delivered. If not, the server may flag the email as suspicious.
2. DomainKeys Identified Mail (DKIM)
- DKIM adds a digital signature to outgoing emails, allowing servers to verify that the email really came from your domain and wasn’t tampered with during transit.
3. Domain-based Message Authentication, Reporting & Conformance (DMARC)
- DMARC is the third, critical layer of email authentication. It works alongside SPF and DKIM to ensure that the “from” address in an email matches the address verified by SPF or DKIM. DMARC also allows you to set rules on how to handle suspicious emails, such as rejecting them, flagging them as spam, or notifying you.
While these tools provide a strong defense, they can be tricky to configure correctly. If not set up properly, legitimate emails might get blocked by mistake. Make sure your email hosting provider can handle this setup if you lack the technical knowledge. If they don’t offer this service or can’t configure it properly, consider switching to a provider who can.
What to do if your EMAIL IS SPOOFED
Email authentication helps prevent scammers from using your company’s email in phishing schemes. If you receive a notification that someone has spoofed your email, take the following steps:
1. Report the Scam
- Report the scam to local law enforcement and the registrar of the fraudulent email. They can take action to investigate and shut down the fake account.
2. Notify Your Customers
- Let your customers know right away that scammers are impersonating your business. Use mail, email, or social media to get the word out. If you’re sending an email, avoid including hyperlinks—you don’t want your notification to resemble a phishing email itself.
- Remind customers not to share personal information via email or text. If customer data was stolen, direct them to IdentityTheft.gov for a recovery plan.
3. Alert Your Staff
- Use this as an opportunity to update your security practices. Train your employees on how to recognize cyber threats and take preventative measures.
Email authentication is a powerful tool in defending your business against phishing attacks, but it’s only one part of a comprehensive security plan. Keep your security systems updated, train your staff regularly, and always be prepared for potential cyber threats.
Stay tuned, stay secure, and let’s make Cybersecurity Awareness Month count!
*Article inspired by the guide “Cybersecurity for small business” written by the Federal Trade Commission (FTC).
——————–
We at APIS Consulting can help you improve your cybersecurity knowledge and IT security procedures. If you need training or cybersecurity audits, or want to strengthen or outsource your IT security, you can get in touch with us via email at contact@apisconsulting.cn or by adding Antoine on WeChat using the QR code below.


Antoine Pilarczyk founded APIS Consulting in 2021 to help companies in China to improve their cybersecurity awareness. He is a certified Lead Auditor and Lead Implementer ISO 27001.



