Is your e-mail secure?

Posted on 15 Feb 2018

Imagine this: someone outside your company uses an e-mail address which is tied to your organization and pretends to be an employee.
 

It happened to Blendle boss Alexander Klöpping this week, see the screenshot below. A hacker had managed to 'spoof' – as this technique is called – his e-mail address and sent an e-mail to his financial director with an urgent request to process a bank transfer. Fortunately, Blendle employees are apparently very alert, but this can happen to you too!
 

Now the important question to ask is: is your organization protected against this? A hacker or spammer could send an e-mail in your name the same way that you could send a letter with a false return address. Fortunately, you can protect yourself and your organization against this issue at no cost! How? Basically, you tell the internet who can and cannot send e-mails using your name. When someone receives an e-mail, 'the internet' checks what you have indicated. If you haven't done anything, it's like saying: everyone can send out e-mails on my behalf. Then it's time to act!
 

What are you protected against?
E-mail spoofing
Spoofing an e-mail means an e-mail is sent in your name without your knowledge. As this is rarely done with good intentions, there is a high chance that you and your organization end up with a damaged reputation. You could even end up on a blacklist, which means your e-mail will be rejected by the recipients. It can therefore take days to weeks for the damage to be remedied.
Scam
Hackers can try to approach your employees, colleagues and business contacts using an e-mail address of, for example, the financial department, and can then quickly and convincingly forge the e-mail signature of an employee. This targeted form of fraud is more common than you might think. Because it is hard to detect, companies usually keep quiet about this kind of hacking.


How can you prevent this?

The solution is as simple as it is effective. What you need to do is add a piece of text within your DNS environment. With this text you communicate your wishes to the internet. The DNS environment is usually provided by the hosting company for your website. This text is also known as an 'SPF record'. Many spam filters look for an SPF record when an e-mail comes in. SPF (Sender Policy Framework) was created to reduce the amount of spam on the internet.
 

In this example, the servers of Comsave are allowed to send e-mail, with the following code:

    v=spf1 include:ip4.spf.comsave.com include:ip6.spf.comsave.com -all

The piece 'v=spf1' indicates that this is an SPF record, 'include:x' indicates which servers are allowed to send in your name and finally '-all' indicates that all other servers are not allowed to send an e-mail using your name. Note that the record is written without spaces around '=' and ':'.

Do you want to set this up or know more about it? Ask your IT party or contact us. Do you want to know if you already have an SPF record? You can check this on this website: https://mxtoolbox.com/. Choose 'SPF record lookup' from the drop-down menu and enter your website name. On https://www.spfwizard.net you will also find an English manual for creating an SPF record.
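
To check a record before publishing it, the sketch below lints an SPF string for the three parts described above (the version tag, the listed senders and the closing 'all') and goes a little further by counting DNS-lookup terms against the limit of 10 from RFC 7208. It is an added example, not Comsave's code; the function name lint_spf and the sample records are constructed for illustration, and it inspects only the text you give it (no DNS queries, so lookups inside included records are not counted).

```python
import re

KNOWN = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists", "redirect", "exp"}
# Terms that cost one DNS lookup each; RFC 7208 caps one evaluation at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10
TERM_RE = re.compile(r"([+\-~?]?)([a-z0-9]+)(?:([:=/])(.*))?", re.I)
WEAK_ALL = {
    "+": "'+all' lets every server send in your name",
    "?": "'?all' is neutral: unlisted servers are not rejected",
    "~": "'~all' only soft-fails unlisted servers; the article's example uses '-all'",
}

def lint_spf(record):
    """Return a list of findings for one SPF TXT string; an empty list means none."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must begin with 'v=spf1' written without spaces"]
    findings, lookups, has_default = [], 0, False
    for pos, term in enumerate(terms[1:], start=1):
        m = TERM_RE.fullmatch(term)
        if not m:
            findings.append(f"unparseable term {term!r}")
            continue
        qualifier, name, sep, value = m.groups()
        name = name.lower()
        if name not in KNOWN and sep != "=":  # unknown name=value modifiers are ignored
            findings.append(f"unknown mechanism {term!r}")
        elif sep in (":", "=") and not value:
            findings.append(f"{term!r} has no value (stray space after the separator?)")
        elif name == "all":
            has_default = True
            if qualifier != "-":  # a bare 'all' means '+all'
                findings.append(WEAK_ALL[qualifier or "+"])
            if pos != len(terms) - 1:
                findings.append("terms after 'all' are never evaluated")
        elif name in LOOKUP_TERMS:
            lookups += 1
            has_default = has_default or name == "redirect"
    if not has_default:
        findings.append("no 'all' or 'redirect': unlisted servers get a neutral result")
    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of {MAX_LOOKUPS}")
    return findings

if __name__ == "__main__":
    # Constructed samples: the article's record, then a copy with a stray space.
    for rec in ("v=spf1 include:ip4.spf.comsave.com include:ip6.spf.comsave.com -all",
                "v=spf1 include: ip4.spf.comsave.com -all"):
        print(rec, "->", lint_spf(rec) or "no findings")
```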
