User

Can you trust an email?
What to look for, where to find it and free apps that do most of the work for you.

This article highlights important aspects of email that affect security. Who sent it, if it's been tampered with, where it came from and how DMARC answers these questions.

Why is email security important?

Email is essential to all aspects of our daily life including confirmation of purchases, information about products and services, even confirming we are a real person! It's essential to know that emails are genuinely from the person they say they are, and have not been altered.

Designed in an era of trust, email is open to abuse. It's essential to keep ahead and reduce the increasing threats including phishing and spam that can fool the unwary, prevent legitimate emails getting through and exposing an organisation, it's clients and staff to risks.

DMARC offers confidence by identifying who can send an email (authorisation), and by signing an email (authentication), confirms that it is authentic and unchanged.

How DMARC protects email

DMARC authorisation and authentication with SPF and DKIM

Confirming who sent an email, where it came from and if it has been tampered with.

Organisations authorise their servers or service providers to send emails on their behalf.

Individuals authenticate themselves with a username and password, allowing the server to sign each individual message.

DMARC brings together SPF for authorisation, DKIM for authentication and ensuring the signer is authorised to better protect email.

For those implementing DMARC, it offers the ability to monitor activity. It's widely adopted and significantly reducing phishing and spam.

How can I check?

Simply enter an email address and click assess.

Why now?

Spamming and phishing is increasingly sophisticated and getting better all the time, it can be difficult to distinguish genuine communications from the subversive, yet ever more imperative that we do so.

DMARC is the first to offer Authorisation and Authentication. Experience shows implementing a DMARC reject policy reduces spam and phishing for a domain significantly; they find easier targets elsewhere.

Increase confidence in your emails plus protect your organisation, staff, clients and your reputation before it's too late.

How much does securing emails cost?

Everything you need to check email, or if you're an organisation, implement DMARC are free.

Relying on chance could expose an organisation, it's staff, clients and prospects to anything from rejected emails to tarnished reputations or worse.

What to look for

The first thing to look for is who sent the email. This is the From and usually at the top of any email.

Is the email signed? Some clients offer this as standard, if not search for 'dmarc plugin' or 'dkim plugin'.

Examples of DKIM signatures:

Signed and validated
Example showing a valid signature, note it is signed by the same domain as the sender.
Invalid as not signed
Example of an email without a signature whereas the domain policy states that it should be signed.

Authorisation is normally checked on delivery so ask your ISP to confirm their DMARC policy and how it protects your incoming and outgoing email.