One of the biggest challenges enterprises face today is email spoofing, which in turn drives more spam and phishing into users' mailboxes. To address the problem, Office 365 now supports additional email validation options: DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). Until now, Exchange Online Protection (EOP) filtered email largely on content; adding these domain-level authentication features is expected to give online users a safer emailing experience.
DKIM: An email validation technique that lets the receiver check that a message was sent by (or on behalf of) the domain it claims to come from, and that it was not modified in transit between sender and receiver. The sender adds a DKIM-Signature header to the message; it carries a digital signature that the recipient verifies with the public key the sender has published in DNS (a TXT record at selector._domainkey.signing-domain). Many popular email services use DKIM, including Gmail, Yahoo and FastMail.
DKIM Does Not Filter Emails!
The DKIM-Signature header does not itself filter spam; it gives the spam filter information to act on. For example, if a message carries a valid signature from a trusted domain, the filter may lower its spam score. If the signature cannot be verified, the message may be marked as spam or quarantined, depending on the receiving organisation's policy and on the sending domain's DMARC policy. A missing or broken signature is not proof of spoofing on its own: mailing lists and forwarders routinely modify messages and break signatures, which is one reason DMARC also accepts an aligned SPF pass.
How Does It Work?
The DKIM-Signature header consists of tag=value pairs separated by semicolons. The important ones: "v" is the version (1), "a" the algorithm (typically rsa-sha256), "d" the signing domain, "s" the selector used to look up the public key in DNS, "h" the list of header fields covered by the signature, "bh" the body hash, and "b" the signature itself. The body hash is a SHA-256 digest of the canonicalized message body, and "b" is an RSA signature over the canonicalized headers listed in "h" plus the DKIM-Signature header itself (which contains "bh"), so a change to either the signed headers or the body invalidates the signature. The "c" tag names the canonicalization used for the header and body ("simple" or "relaxed"), which tells the verifier how much whitespace variation to tolerate before hashing. No encryption key is involved: SHA-256 is the hash algorithm, and the signing key is a private RSA key whose public half is published in DNS.
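The following Python script is an added example written for this page (not Microsoft's or the original author's code). It parses the tag=value list of a DKIM-Signature header, canonicalizes a constructed message body with the "simple" and "relaxed" rules from RFC 6376, and recomputes the "bh" tag so that body tampering is detected. The message body, the d= and s= values and the signed header list are constructed samples, and the b= value is a placeholder: checking it needs the signer's public key from DNS, which this offline example does not fetch.

```python
import base64
import hashlib
import re

# Constructed sample message body (not a real message).
SAMPLE_BODY = (
    b"Hi Alice,\r\n"
    b"\r\n"
    b"Please wire $100 to the account below by Friday.\r\n"
    b"\r\n"
    b"-- Bob\r\n"
)


def parse_dkim_signature(header_value):
    """Split a DKIM-Signature header value into a dict of its tag=value parts.

    Header folding (CRLF followed by whitespace) and whitespace inside values
    are removed first, because b= and h= are normally folded over several lines.
    """
    unfolded = re.sub(r"\r?\n[ \t]+", "", header_value)
    tags = {}
    for part in unfolded.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def canonicalize_body(body, mode="simple"):
    """Body canonicalization as in RFC 6376 section 3.4 (bytes in, bytes out).

    simple : drop empty lines at the end and make sure the body ends with CRLF.
    relaxed: additionally strip trailing whitespace on every line and collapse
             runs of spaces/tabs to a single space, so that MTAs which re-wrap
             whitespace do not break the signature.
    """
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        lines = [re.sub(rb"[ \t]+", b" ", line.rstrip(b" \t")) for line in lines]
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body, mode="simple", algo="sha256", length=None):
    """Compute the bh= value: base64(hash(canonicalized body)).

    `length` implements the optional l= tag (number of body octets covered).
    l= lets anyone append unsigned content after the covered part, which is
    why verifiers treat it with suspicion (RFC 6376 section 8.2).
    """
    canon = canonicalize_body(body, mode)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.new(algo, canon).digest()).decode()


def body_hash_matches(dkim_header, body):
    """True if the bh= tag in the signature equals the hash of the body we received.

    This is the first half of DKIM verification. The second half, checking b=
    against the public key fetched from selector._domainkey.domain, needs DNS
    and an RSA implementation and is not performed here.
    """
    tags = parse_dkim_signature(dkim_header)
    algo = tags.get("a", "rsa-sha256").rsplit("-", 1)[-1]   # rsa-sha256 -> sha256
    if algo not in ("sha1", "sha256"):
        raise ValueError("unsupported DKIM algorithm: " + tags.get("a", ""))
    canon = tags.get("c", "simple/simple")                  # "header/body"
    body_mode = canon.split("/")[1] if "/" in canon else "simple"
    length = int(tags["l"]) if "l" in tags else None
    return body_hash(body, body_mode, algo, length) == tags.get("bh")


def build_sample_dkim_header(body, body_mode="relaxed"):
    """Construct a DKIM-Signature value whose bh= genuinely matches `body`.

    d=, s= and the signed header list are made-up values for the example, and
    b= is a placeholder rather than a real signature (no private key here).
    """
    return (
        "v=1; a=rsa-sha256; c=relaxed/%s; d=example.com; s=sel1;\r\n"
        "\th=from:to:subject:date; bh=%s;\r\n"
        "\tb=PLACEHOLDER" % (body_mode, body_hash(body, body_mode))
    )


if __name__ == "__main__":
    header = build_sample_dkim_header(SAMPLE_BODY)
    print("original body matches bh=:", body_hash_matches(header, SAMPLE_BODY))
    tampered = SAMPLE_BODY.replace(b"$100", b"$1000")
    print("tampered body matches bh=:", body_hash_matches(header, tampered))
```

Changing one character of the body changes the body hash and so fails the check; with relaxed canonicalization, trailing whitespace and extra blank lines at the end do not, which is exactly the tolerance the "c" tag advertises.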
DMARC: An email authentication policy mechanism designed to reduce email abuse. A DMARC record tells receivers that a domain's mail is protected by SPF (Sender Policy Framework) and DKIM, and what the receiver should do with a message that fails these checks (none, quarantine or reject). DMARC also provides reporting: receivers send the domain owner aggregate (and optionally per-message failure) reports showing which messages passed or failed authentication.
How Does It Work?
DMARC lets a domain owner publish a policy statement in DNS (a TXT record at _dmarc.domain) that tells receiving domains what to do with a message that does not pass authentication. The key concept is domain alignment: the domain in the message's From header must match the domain that SPF or DKIM actually authenticated. For SPF that is the envelope sender (MAIL FROM) domain; for DKIM it is the "d=" domain of a valid signature. A message passes DMARC if at least one of the two mechanisms passes and is aligned.
Alignment comes in two modes, set per mechanism with the "aspf" and "adkim" tags. In strict mode the authenticated domain must equal the From domain exactly; in relaxed mode (the default) the authenticated domain may be a subdomain within the From domain's organizational domain, so mail signed with d=mail.example.com is aligned with a From address at example.com.
Since DMARC builds on DKIM and SPF, you can test alignment from the message headers themselves (the From header and the Authentication-Results header added by the receiving server). For example:
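The following is an added example (Python written for this page, not the original author's or Microsoft's code) that evaluates DMARC alignment the way a receiver does: it parses a constructed DMARC TXT record and a constructed Authentication-Results header, then compares the SPF MAIL FROM domain and the DKIM d= domain with the From domain under strict and relaxed alignment. The domain names, records and results are made up, and the organizational-domain lookup is simplified to the last two labels instead of consulting the Public Suffix List.

```python
import re

# Constructed sample inputs (not captured from real mail). A DMARC record is
# published as a TXT record at _dmarc.<domain>; an Authentication-Results
# header is added by the receiving server after it has evaluated SPF and DKIM.
DMARC_RELAXED = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
DMARC_STRICT = "v=DMARC1; p=reject; adkim=s; aspf=s"
AUTH_RESULTS_LEGIT = (
    "mx.example.net; spf=pass smtp.mailfrom=bounce.example.com; "
    "dkim=pass header.d=example.com header.s=sel1"
)
AUTH_RESULTS_SPOOF = (
    "mx.example.net; spf=pass smtp.mailfrom=attacker.invalid; "
    "dkim=pass header.d=attacker.invalid header.s=x"
)


def parse_tag_value(record):
    """Parse 'tag=value; tag=value' text such as a DMARC TXT record."""
    tags = {}
    for part in record.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            tags[name.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    """Approximate the organizational domain as the last two labels.

    Real implementations consult the Public Suffix List so that names such as
    example.co.uk are handled correctly; this shortcut is an assumption of the example.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts any
    domain that shares the From domain's organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def parse_authentication_results(header):
    """Pull the SPF result with its MAIL FROM domain, and every DKIM result with
    its d= domain, out of an Authentication-Results header (RFC 8601 style)."""
    results = {"spf": None, "dkim": []}
    for clause in header.split(";")[1:]:          # clause 0 is the authserv-id
        m = re.match(r"(spf|dkim)=(\w+)", clause.strip())
        if not m:
            continue
        dom = re.search(r"(?:smtp\.mailfrom|header\.d)=(?:[^@\s]+@)?([\w.-]+)", clause)
        domain = dom.group(1) if dom else ""
        if m.group(1) == "spf":
            results["spf"] = (m.group(2), domain)
        else:
            results["dkim"].append((m.group(2), domain))
    return results


def dmarc_evaluate(dmarc_record, from_domain, auth_results_header):
    """Apply DMARC: pass if SPF or DKIM passed *and* its domain is aligned with
    the From header domain; otherwise the record's p= policy gives the disposition."""
    policy = parse_tag_value(dmarc_record)
    adkim = policy.get("adkim", "r")   # both alignment modes default to relaxed
    aspf = policy.get("aspf", "r")
    ar = parse_authentication_results(auth_results_header)
    spf_ok = bool(ar["spf"]) and ar["spf"][0] == "pass" and aligned(ar["spf"][1], from_domain, aspf)
    dkim_ok = any(res == "pass" and aligned(dom, from_domain, adkim) for res, dom in ar["dkim"])
    passed = spf_ok or dkim_ok
    return {
        "spf_aligned_pass": spf_ok,
        "dkim_aligned_pass": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        "disposition": "none" if passed else policy.get("p", "none"),
    }


if __name__ == "__main__":
    for name, rec, ar in [("legit/relaxed", DMARC_RELAXED, AUTH_RESULTS_LEGIT),
                          ("legit/strict", DMARC_STRICT, AUTH_RESULTS_LEGIT),
                          ("spoof/relaxed", DMARC_RELAXED, AUTH_RESULTS_SPOOF)]:
        print(name, dmarc_evaluate(rec, "example.com", ar))
```

The spoofed message illustrates the point of alignment: the attacker's SPF and DKIM both pass for attacker.invalid, but neither domain aligns with the example.com From header, so DMARC fails and the p=reject policy applies. Under strict alignment the legitimate message still passes only because its DKIM d= domain matches exactly; its SPF domain (bounce.example.com) would no longer count.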
These two features added to Office 365 improve the emailing experience for users by reducing the risk of spam and phishing. New options and capabilities have also been added to the Exchange Online Protection (EOP) service to improve the user experience.