DKIM Signature

Will a DKIM signature prevent email spoofing?

With email spoofing attacks continuing to cause significant damage, companies are turning to email authentication technologies like DKIM to protect employees, customers and partners as well as the organization. DKIM, or DomainKeys Identified Mail, uses a DKIM signature to sign email as it is sent. A public key for the DKIM signature is found in a DKIM record published in a domain's DNS records. When a mail server receives an email with a DKIM signature, it uses the public key to create a DKIM signature and will validate if that signature matches with the received DKIM signature.

While using a DKIM signature can help stop some spoofing attacks and reduce the percentage of emails that go to Spam and Junk folders, it is not a comprehensive solution. A DKIM signature is powerless to prevent scammers from simply changing the "from" address in the email header – the only part of the email that most users see. Consequently, many organizations today are turning to solutions like DMARC (Domain-based Message Authentication, Reporting & Conformance) to improve email security.

DMARC tightens security by working together with the DKIM and SPF protocols, requiring that an email is authenticated by one or both protocols. DMARC specifies the actions to be taken when an email can't be authenticated.

Implementing and managing DMARC, however, can be complex and costly. That's why so many companies today turn to Mimecast DMARC Analyzer to accelerate their DMARC deployment project and streamline management of DMARC authentication.

Deploy and manage DMARC with DMARC Analyzer

Mimecast DMARC Analyzer makes it easy to use DMARC to detect and block attackers by minimizing the time, cost and risk of deploying DMARC. Offered as a 100% SaaS solution, DMARC Analyzer simplifies the complex process of deploying DMARC and provides full insight into email channels to make sure legitimate mail does not get blocked.

Unlike DMARC solutions that require ongoing professional services for successful operation, DMARC Analyzer is designed for simple and effective self-service. Email administrators benefit from:

• 360° visibility and governance across all email channels.
• Email intelligence tools for simplified DMARC deployment.
• Easy to use alerts, reports and charts for monitoring DMARC enforcement and ongoing performance.
• Tools to manage complex DMARC deployment.

Comprehensive tools for email authentication

DMARC Analyzer offers self-service tools that help to simplify the complex task of implementing and managing DMARC deployment.

• DMARC record setup wizard to create DMARC records fast and easy.
• Analyze and enforce DMARC policy faster with user-friendly aggregate reports and charts.
• Track down malicious email sources with forensic reports.
• Ensure full coverage with unlimited users, domains and domain groups.
• Track progress over time with summary reports provided daily and weekly.
• Enhance security with two-factor authentication.
• Check DNS changes over time and receive email prompts when DNS records are altered.
• Validate records with DMARC/SPF/DKIM record checkers.
• Manage DMARC in Office 365 more effectively.
• Minimize risk and move to DMARC enforcement in the shortest time possible with managed services provided by Mimecast specialists with proven deployment and project management expertise.

Mimecast Impersonation Protect and other email security solutions

Mimecast Impersonation Protect provides an additional layer of anti-spoofing security. Where DMARC Analyzer protects against attacks built on the illegitimate use of your domain, Impersonation Protect defense against attacks that use domain similarity – where a sender's domain is subtly different from yours. To identify a message that may be trying to spoof an email address as part of an impersonation attack, Mimecast scans all inbound email for anomalies in the header, suspicious content in the email, similarity in the domain, the use of international character sets, and domains which have been registered only recently.

Additional email security solutions from Mimecast include:

• A Secure Email Gateway that uses multiple detection engines and threat intelligence feeds to stop targeted and sophisticated attacks like spear-phishing, malware, spam and zero-day attacks at the gateway.
• A service that protects against malicious URLs in emails by performing pre-click URL discovery, on-click inline employee education and post-click resolution to block dangerous file types.
• A solution that defends against malicious attachments using multiple inspection analytics on files, including multiple anti-virus engines, static file analysis, behavioral sandboxing and safe file conversion to ensure that employees get access to attachments as soon as possible.
• A service that protects against threats which have landed internally, or which originate within an email system. Mimecast continuously monitors and re-checks the status of all previously delivered files and scans all attachments and URLs in internal and outbound email for malware and malicious links.

FAQs: What is a DKIM signature?

What is DKIM?

DKIM, or DomainKeys Identified Mail, is an email authentication technique that adds a digital signature to email messages. The DKIM signature ensures that the email was sent from a trusted source and that parts of the email have not been changed or forged after it was sent.

When a message is sent with DKIM, the email is "signed" with a header that is encrypted and added to the message. When a receiving server sees that a message was signed with a DKIM signature, it validates the signature by running a DNS query to search for the public key, creates a DKIM signature and validates if that signature matches with the signature in the email.

A DKIM record check is a tool that examines and tests the domain name and selector for a valid published DKIM record. A DKIM record check can determine whether there are any issues with the record that may impact mail delivery. Mimecast offers a free DKIM record check that can validate existing DKIM records as well as potential updates to records before they are applied.