Mimecast's DMARC Analyzer builds on the SPF email protocol by strengthening email security defenses against potential spoofing.
Sender Policy Framework (SPF) is an important protocol for authenticating email that is used widely throughout the email industry. SPF email authentication enables senders to publish a list of authorized mail servers in an SPF record in the domain's DNS. Receiving mail servers can perform an SPF test to make sure the IP address in an inbound email matches an address in the SPF record. If an email fails an SPF Check, the email does not authenticate.
While SPF email authentication is helpful to a degree, it has significant drawbacks. Keeping SPF email records updated is time-consuming and problematic, and SPF doesn’t work for forwarded emails. Most importantly, SPF email tests offer no protection against criminals who spoof the display name or the “from” address in the email’s header – the part that’s most visible to recipients.
Consequently, more organizations today are turning to DMARC to improve email security. DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on the SPF email protocol as well as the DKIM signature authentication technique. DMARC requires that any email pass one or both protocols and that the information in the “from’’ address match other information known about the sender. DMARC also provides instructions for how email that fails authentication should be treated.
While DMARC significantly increases email security for brands, it can be complicated and costly to deploy and manage. Mimecast solves this challenge with Mimecast DMARC Analyzer, an easy-to-use solution to deploy DMARC.
While SPF email authentication is helpful to a degree, it has significant drawbacks. Keeping SPF email records updated is time-consuming and problematic, and SPF doesn't work for forwarded emails. Most importantly, SPF email tests offer no protection against criminals who spoof the display name or the "from" address in the email's header – the part that's most visible to recipients.
Consequently, more organizations today are turning to DMARC to improve email security. DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on the SPF email protocol as well as the DKIM signature authentication technique. DMARC requires that any email pass one or both protocols and that the information in the "from'' address match other information known about the sender. DMARC also provides instructions for how email that fails authentication should be treated.
While DMARC significantly increases email security for brands, it can be complicated and costly to deploy and manage. Mimecast solves this challenge with Mimecast DMARC Analyzer, an easy-to-use solution to deploy DMARC.
Mimecast DMARC Analyzer is a SaaS solution that allows organizations to manage complex DMARC deployments more easily. DMARC Analyzer acts as an expert guide, providing user-friendly analyzing software that helps organizations move to a DMARC policy as fast as possible.
While other DMARC solutions tend to require ongoing professional services to operate successfully, Mimecast's offering is designed for simple and effective self-service to reduce the time, cost and effort required to stop domain spoofing attacks.
DMARC Analyzer provides:
To improve SPF email authentication with DMARC, DMARC Analyzer provides self-service tools that include:
In addition to DMARC Analyzer, Mimecast offers a suite of email security technologies that together deliver multilayered defenses that maximize protection for organizations and their users and customers. Mimecast email security solutions help to prevent:
The SPF email authentication technique enables a domain owner to publish information in an SPF record in the DNS that lists the IP addresses authorized to send email for the domain. A receiving mail server can check that list against the IP address in any incoming email to determine whether the message is authentic.
SPF email authentication has a few major limitations. It can only check the authenticity of the "envelope from" address but cannot identify emails where the sender is spoofing the display name or the "header from" address in the message. SPF breaks when a message is forwarded and maintaining and updating SPF records can be a challenge as brands add new mail streams or change ISPs.
An SPF record check is a tool to look up an SPF record and to determine whether an SPF record is valid or whether it contains errors that may cause problems with mail delivery. Mimecast DMARC Analyzer offers a free SPF record checker that will look up an SPF record for any domain, display the record and search for issues with syntax or data that may create issues.