How to Protect Yourself from Domain Spoofing and Phishing with ExchangeDefender
At ExchangeDefender we want you to be safe online. One of the biggest and best steps you can take towards that goal is to both protect your domain from being “spoofed” (forged by a spammer) and to block any such forgeries from arriving into your mailbox.
About Spoofing
Spammers and hackers routinely abuse domains that do not have a SPF or DKIM record. They configure their email software to use your domain name for a SPAM campaign or to launch sophisticated phishing attacks. If you’ve ever received an email from yourself, or from a forged government or corporate entity, you’ve been a victim of spoofing. If you’ve ever received thousands of rejections and delivery receipts for messages you never sent, you’ve been a victim of spoofing. Because so many domain owners do not take responsibility for their DNS configuration, this is the most widely abused mechanism.
Good news is, ExchangeDefender can help protect you from these attacks and brand misuse through implementation of SPF, DKIM, and our corporate policies.
SPF (Sender Policy Framework)
ExchangeDefender uses SPF to verify that the email is coming from a source that your organization trusts to send messages. This is typically your email server, our email server, and sometimes a business application (like a hosted CRM) that sends email using your domain name. All others get rejected as forgeries.
How do you setup your SPF record? Simply go to wherever your domain name is hosted (your name server) and add this TXT field to your zone. You may need assistance from your ISP, domain registrar, or whoever is actually running your name servers. If you don’t know who that is, or they are too difficult to use, ExchangeDefender will host your domain free of charge. The TXT record will not have a hostname and the value should be set to the following:
Hostname:
Record type: TXT
Value: v=spf1 include:proxy.exchangedefender.com -all
DKIM (Domain Keys)
ExchangeDefender uses DKIM to validate automated digital signatures. We also sign messages for all customers that rely on ExchangeDefender to send outbound mail (pretty much everyone). This is a 2 step process similar to SPF.
Step 1: Request public key
Go to https://support.ownwebnow.com and open a ticket requesting signatures of your outbound mail. Please specify which domains you wish to sign because each domain must have its own set of keys.
Step 2: Create a DKIM public record
Go to wherever your DNS is hosted and just like in SPF, create a DKIM record:
Hostname: default._domainkey
Record type: TXT
Value: v=DKIM1; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0SXzBGHoJcBVKyNEntvTiMtoSIH4uiuY6i5hzF47
A2eYb4pB/gtsHpP1vpDgzZvwVLz65nQwnm4wvSFsarKwCyWYyvGwPvBd9+v2Jcrk5dsfHioUDZo5oSvbRY
+e8AD7eo42A/pYdgZxL9KRyZbMsCtHJrAqvYB6LZP0SFVvkYQIDAQAB
Important: This is just an example. You will need to use your own public key generated in Step 1 and provided by us. Also, the value of the TXT record has to be on the same line, if there are any line breaks (if you copy it from an email or web page) please remove them.
Step 3: Update the ticket with us to test deployment
After the DNS record has been created for your domain, we will validate it and if configuration is valid we will start signing your outbound messages going through ExchangeDefender.
After the DNS record has been created for your domain, we will validate it and if configuration is valid we will start signing your outbound messages going through ExchangeDefender.
ExchangeDefender Policy
While we encourage all of our clients to implement both SPF and DKIM, we understand that there are sometimes business scenario cases under which this is impossible. If you find yourself in this predicament you should immediately change where your name servers are hosted and take full control of your organizations identity online. But if that is still something you may not be able to do, ExchangeDefender can still protect you from phishing attacks and spoofing launched using your own domain name. If you’ve ever received email from yourself or from a colleague (but the email actually came from a server in Poland) then this setting will help you.
Go to https://admin.exchangedefender.com and login as the domain administrator (username is your domain name).
Click on Security Settings > Phishing
Under “Flag External Emails” click on Enable and then Save.
After this setting is applied, all messages from your domain that were sent from outside of the ExchangeDefender network will go into the SureSPAM quarantine. Just tell users not to trust, whitelist, or release messages that are coming from your own domain because they are certainly not legitimate.Note: This is the option of last resort and will not stop hackers or spammers from abusing your domain for phishing, spamming, or hacking. However, it will stop those messages from arriving directly into your users mailbox. If you already have a valid SPF record (with -all, not ~all) and DKIM in production, this setting is not necessary as ExchangeDefender will automatically reject messages that fail SPF/DKIM validation.
If you have any questions or concerns about ExchangeDefender and implementation of SPF, DKIM, or phishing policies please feel free to contact us.