IT Blog

Best Practices security Technical Uncategorized

Email deliverability & security

This is a fairly technical matter and if you’re a Lorica client, we take care of this for you. However, this post is here in case you want to understand what’s going on.

We’re concerned with two things here.

  1. Email you send out arriving in the recipient’s inbox – deliverability
  2. Email sent to you, which is probably fake or nasty, not arriving in your inbox.

As you can see, the two are almost diametrically opposed. As a good person, you want to all your emails to arrive. The bad people want the same as you.

To ensure good email arrives where it should, there are systems in place that should filter out the bad from the good and ensure that both points above are addressed.

The central tenet here is all the systems are geared towards ensuring that emails are what they appear to be. So, email that is from a particular sender is being sent by the systems belonging to that sender.

To ensure that, records are added to the DNS (owned by the sender) that specify certain things, like the servers allowed to send email. Then, recipient systems (servers and/or email programs) can lookup those DNS records and ensure they are correct. As a result, email is delivered, rejected or marked as spam appropriately.

The bottom line is that emails sent to you that are not genuine don’t arrive in your inbox AND emails you send out arrive where you need them to.

We can implement the following measure for our clients (with Wikipedia links). If you want to see if and how this is done for you, then please raise a ticket for info.

  • SPF – Sender Policy Framework Wikipedia
  • DKIM – DomainKeys Identified Mail Wikipedia
  • DMARC – Domain-based Message Authentication, Reporting and Conformance Wikipedia
  • DNSSEC – Domain Name System Security Extensions Wikipedia
  • MTA-STS – Message Transport Agent Strict Transport Security Wikipedia
  • DANE – DNS Based Authentication of Named Identities InternetSociety