Secure Email and File Transfer
Email has generally been the forgotten about technology in terms of security, yet it is used daily to transfer considerable personal and business confidential material. Many users are oblivious to the fact that the vast majority of email systems still send internet email as plain text which can be read by anyone, or that the administrators of the email systems could potentially also read / copy / forward any of their emails.
Some organisations have started to use SSL technology to deliver and receive email on the internet but that doesn’t really protect email from eavesdropping, accidentally mis-sending (we’ve all done that at least once) or from the recipient sharing or forwarding mails which you want restricted.
KHIPU have solutions to ensure the emails are encrypted (supporting all major email systems) from the minute you press send, only the rightful recipient can view it and you can revoke access to that email at anytime.
What About SPF, DKIM and DMARC?
All organisations should be implementing all of the above, so what are they?
SPF: Sender Policy Framework
This allows organisations to state what email systems (gateways) are allowed to send emails on behalf of their domain(s). It tells recipient gateways to either trust the IP address of the sender or not. This reduces the success rate of any spammer using your domain, as SPF aware gateways will drop or quarantine mails from unknown gateways.
DKIM: Domain Keys Identified Mail
DKIM is an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorised by the owner of that domain. It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam.In technical terms, DKIM lets a domain associate its name with an email message by affixing a digital signature to it. Verification is carried out using the signer’s public key published in the DNS. A valid signature guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than message’s authors and recipients. In that respect, DKIM differs from end-to-end digital signatures provided in some email clients.
DMARC: Domain-based Message Authentication, Reporting and Conformance
DMARCH is an email-validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organisations. DMARC is built on top of two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows the administrative owner of a domain to publish a policy on which mechanism (DKIM, SPF or both) is employed when sending email from that domain and how the receiver should deal with failures. Additionally, it provides a reporting mechanism of actions performed under those policies. It thus coordinates the results of DKIM and SPF and specifies under which circumstances the From: header field, which is often visible to end users, should be considered legitimate.