Protecting the legitimacy of your mailbox is essential in 2020 and email protection is now an integral part of the Managed Service Providers toolkit. When we talk about email protection, this comes in 2 flavours:
- Protection of the email coming in against mail born threats like spam, viruses, malware & phishing etc
- Protecting your domains reputation, ensuring that the people you send email to know that it came from a trusted source
Different technologies protect these processes as follows:
Inbound mail
In Microsoft 365 land, ATP – Advanced Threat Protection – scans all inbound emails.
There are many tricks and features Microsoft use to process your email … at a high level these are;
- Check the reputation of the sender domain – is the domain known to be a spammer?
- Check the reputation of the sending server – is the server known to be exploited or sending a lot of spam?
- Check the mail for dodgy links – eg, links to illegal websites, or links that spoof a known website.
- Check the email for attachments / viruses & malware.
- Check the sender of the email – is this legitimate, are they external to your organisation or are they pretending to be someone inside your business?
Words like safe links & safe attachments amongst many others are associated with ATP.
Outbound mail / domain reputation
Whilst outbound emails also pass through Microsoft ATP, once they egress the mail system at Microsoft and are received by the recipient, how does the recipient know the mail was from a trusted sender and not someone overseas sending mail as you from a dodgy server? Here technologies are applied as follows:
- SPF – Sender Protection Framework, this uses DNS to list the trusted IP addresses and server names where your domain emails will be sent from. If the IP is not in the list then don’t trust the email.
- DKIM – Domain Keys Identified Mail, this works by having a secure encryption key (long string on numbers) saved on authorised email servers where emails are sent from your domain. As the email egresses the mail server, it stamps the email with a key. The recipient email server looks up this key against DNS to see if there is a mathematical match. If so, the signature if correct, if not there is an issue.
- DMARC – Domain-based Message Authentication, Reporting & Conformance is a further addition to security by combining SPF and DKIM. A DMARC DNS record is created for the email domain with some configuration options instructing the receiving server what to do regarding the reputation of your domain.
Implementing SPF, DKIM & DMARC are all very well, however the onus is on the receiving email server to implement the checking technology correctly if at all.
All 3 technologies are available with Lucidity from the Microsoft 365 toolset. Lucidity have been fine-tuning our policies around these technologies to ensure the correct balance of usability and protection are deployed for our customers. We find they make an immediate impact in protecting your mailbox with little disruption. With ATP also available as an add-on to existing Office/Microsoft 365 services, or offered as a bundle as part of plans like Microsoft 365 Business Premium, adding these technologies is a no brainer if you are already utilising Microsoft’s cloud based offerings.
If you are still running on an older mail platform such as on-premise Exchange, these technologies are likely not natively implemented, so it’s a great time to consider making the move to Microsoft 365 to get the email protection you need in the current landscape.