Protect your domain’s reputation with DMARC

Cyber criminals are known to impersonate well known brands and use the brand’s trusted reputation to send emails to recipients and orchestrate an imposture.  The victims end up giving away sensitive information like credit card pins, passwords, or even end up making payments to the imposters.

Domain-based Message Authentication, Reporting & Conformance i.e. DMARC protects your organization against such email threats.

Therefore, for an organization who sends emails to its customers, DMARC ensures that legitimate email is authenticated and the sender’s identity is verified by the recipients’ email service provider. Fraudulent emails appearing to come from domains under the organization’s control is blocked. The organization can even include domains that do not send mails or even defensively registered domains in its DMARC policy.

Inbound emails that fail DMARC authentication do not reach the recipient’s Inbox, thus filtering out phishing mails. So, if you get an email from the Income Tax department with a “From” address having intimations@cpc.gov.in, did cpc.gov.in really authorize that message?

DMARC builds on two existing and widely deployed email authentication techniques, the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

Two key values of DMARC are domain alignment and reporting.

Phishing emails generally abuse the visible “From” header of emails by forging it. DMARC’s alignment feature prevents spoofing of the “From” header address by:

  1. Matching the “From” header domain name with the “envelope from” domain name (also know as the “return-path” address ) used during an SPF check, and
  2. Matching the “From” header domain name with the “d= domain name” in the email’s DKIM signature.

DMARC allows responsible organizations to instruct email providers who receive emails from the domains that they own, on how to handle unauthenticated emails via a DMARC policy, removing any guesswork on how to deal with messages that fail DMARC authentication.

What sets DMARC apart from other email authentication protocols is its reporting function. With DMARC, you can see who is sending email on behalf of your domain, your brand, and prevent spammers from using it to send fraudulent email.

The reporting feature of DMARC means that DMARC enabled receivers will tell you:

  1. How many messages they’ve received using your domains in the From: address
  2. Where these messages came from
  3. Whether these messages passed DKIM and SPF checks.

For Inbox providers, it is easier to determine that messages are not bad. Such emails are more likely to get delivered to the recipient’s mail quickly and without mistakes. Thus setting up a DMARC policy and choosing a right service provider to send your emails only helps in strengthening your brand’s reputation. 

Rediffmail Enterprise helps you defend your domains reputation by implementing DMARC for your organization’s domain names. The Rediffmail Enterprise Email Security team hand holds you through the entire life cycle of implementing DMARC – studying your outbound email traffic pattern (including marketing mails sent through 3rd party email campaign tools), configuring SPF and DKIM records in your DNS for all your domains (including domains that do not send mails or even defensively registered domains), configuring the DMARC record in your DNS with the right policies from the “monitoring” to “blocking” modes. The DMARC dashboard integrated in your administrators tools gives you visibility of your outbound email traffic pattern which include graphical stats of the source of outbound traffic and details of phishing attempts done using your domain names.

Secure, Cloud based Enterprise Email Solution for Businesses and Professionals from the popular Rediffmail service

How to control Business email data-leak?

emailleakprotection

For most of the companies, over 70% of your business critical information reside in your emails and there are many ways by which mail data can be leaked electronically from a company like inappropriately printed info, copying to pen drive, writing the data to a DVD/ CD or any other portable storage device.

BYOD Smart phones / devices with combination of high storage capacity, high speed data access and loads of apps to leak mail data – email, messaging and social network access are the most dangerous all-time device for stealing or leaking company mail data.

And last but not the least, email data theft also happens inadvertently with loss of company laptop or mobile devices.

Particularly data theft through email is on rise as any sensitive data can be emailed instantly to desired email address and can be accessed from anywhere in the world. Individual’s identity theft via suspicious e-mail or phishing is one such similar attempt made by fraudulent.

Allowing personal email pose a risk for data theft like sending data out via Freemail is difficult to monitor. As personal email account are beyond the control and scope of corporate investigations.

So it is essential to choose a secure business email hosting which provide all granular features like advanced security, administrative privileges, spam protection to manage and control the user accounts across your company.

Few more preventive ways for protecting data include regular restrictive use of storage and portable devices, scan of data stored on internal network, access of document based on confidentiality, educating the employee regarding data theft, encrypting corporate or business data and use of commercial data loss prevention solution.

Discover how Rediffmail Enterprise premium cloud email solutions can provide high security, custom anti-spam & anti-virus controls, data leak protection via restriction of mail & attachment access & flow, Mail monitoring, backup & restoration, Password policy, 2 Factor authentication and many other features.

Top 8 things to choosing your Business Email service

ESP

Email is the backbone of any business and managing it well has become mission critical for the company. Gone are the days when SMEs fret over their changing email needs and availability of the email solutions that just fit your growing organisational needs. Large organisations no longer considered that on-premise hosted email solutions is the only option for confidentiality, control and better management of mails, and they do realize that it is just a  ‘white elephant solution’. Today with the right cloud based email solutions, businesses Small, Medium or Large  can focus more on their core business than spend time on their email solutions.

Here are the top 8 things that SMEs and large corporate must consider before choosing a business solution:

  • 1. Cloud based email solution provider Cloud based email services have become increasingly popular over the past few years and we have come across several entities using them successfully for their business. The advantages provided by having hosted email solutions stand to benefit small-medium enterprises the most. There are no hard decisions involved since the amount of investments is very minimal and absolutely no hassle of deploying resources to manage these services. The costing model is also simple and straight forward which would help businesses manage their cash flow better and focus on their core activity. To conclude, Cloud based Email stands a good bet for small to medium enterprises to adopt with little risk.
  • 2. High availability Ask any business leader what he feels is an acceptable amount of email downtime, and he will most likely respond with, “None!” But if you share with him the additional investment required to further ensure that high bar of email availability, he’ll likely revise that answer. Certain industries like financial services, where downtime translates very clearly into lost profits, are typically more likely to prioritize uptime. In addition, uptime can’t be measured by the availability of the email server alone. Email is as good as down if the antivirus filtering hangs and prevents delivery or a mobile email service fails and employees don’t get emails on their smartphones.
  • 3. Assess your mail box requirements Get an idea of the total number of mailbox needed currently and in near future. Also consider the email storage requirements. Mailbox sizes have been steadily increasing over the years, with 36% falling between 500 MB and 999 MB but still not at the rate employees would like — nearly 80% of companies regularly receive complaints that their employees’ mailbox sizes are too small. Cloud-based providers typically offer much larger storage quotas at a much more attractive price than organizations can do for themselves.
    For a SMEs 2 GB (That is about 100,000 emails of average email size 50KB) would be good to start with but for medium size organisations 5 GB would be a better option. For larger enterprises 25 GB recommended as it completely shields from storage growth requirements.
  • 4. Multiple the point of access Look for a business email solution that allows multiple points of access. With Internet access on multiple devices becoming a norm, it is imperative that your mail is accessible from any device. This keeps your employees, be it in the office or out in the field always in touch with their office emails 24×7.
    Web-mail client: Use this from anywhere as long as you have a browser. Web clients for email access have evolved significantly and incorporate much more than basic features. Mobile: For popular platforms such as Android, Windows, iOS and Blackberry, via applications that is usually free to download. Desktop clients: Access your business email using desktop installed clients like Outlook and Thunderbird or on mobile devices such as Blackberry and tablets like the Apple iPad. Features enabling such a access are POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol) and IMAP (Internet Message Access Protocol) on a secured connection via SSL encryption. Also look for device synchronization. You take an action on one device and it is synchronized across all for e.g. you add a calendar event on PC, you can also see it and even edit it on mobile. Also resume from where you left on another device.
  • 5. Powerful admin controls For SMEs an easy to use control panel that allows managing the email service of your company is needed – Adding email IDs of new employees; deleting the IDs of the ones who have left. When an employee leaves the company, you can withdraw the email id assigned to him so that the emails remain with you. Also make sure you can remotely manage the security of your company data by restricting access and controlling the incoming & outgoing mails. For larger corporate, you may need your email administrators to set password policy, send newsletters to employees, assign privileges, create user groups and use many more such useful tools to manage the service efficiently. Also as an administrator of your office mail you need a continuous report of how your employees are using the email service. This will help you to control the usage and costs.
  • 6. Security Since security is an inherent requirement of any business email, we provide a secure login to the mail service using ‘https’, where ‘s’ stands for secured. This ensures that no unauthorized entity can intercept your information without your consent. Look for the email solution provider’s guarantee on virus protection against unwanted spam and malicious viruses.
  • 7. Archiving Storing a copy of emails from important email accounts into an archival mailbox prevents data loss is important for Large enterprises. Providing archiving often incurs added cost in providing email for each employee. Not all employees carry the same archiving requirements, but some companies tend to think of archiving as an all-or-nothing decision for their workforce.
  • 8. Support options Make sure your business email provider allows multiple support options via email and customer support & technical experts helpline including advanced support with escalation matrix and SLA.

Rediffmail Enterprise is an Award winning cloud based email solution provider for Small, Medium and Large size customers that delivers high availability, high security and responsive customer support.

Secure, Cloud based Enterprise Email Solution for Businesses and Professionals from the popular Rediffmail service

The POP3 IMAP dilemma

rediffmail imap pop3 dilemma

Postal Service for sending and receiving mails

Until a decade and a half ago, the post office, the letter box and the postman were an integral part of our communication needs. One would eagerly wait for the sight of a postman carrying your letters in his tiny sack. In today’s world, email has taken over the good old postal mail.

Ever wondered how the postal service would manage picking and delivering your letters? Well in a nutshell, they followed a protocol –

  1. Postal vans would collect all types of mails from post boxes and deliver them to certain delivery offices.
  2. The offices used to sort mails according to their destination addresses or pin codes and ship them to the respective destination post office.
  3. At the destination, the mails would be sorted based on local addresses and delivered to the right person.

Digital Age of Email

While email has digitized the entire message exchange process, the concept of protocols for exchanging and delivering messages still exists. At the centre of the email ecosystem is the SMTP protocol, which is uses to send your email messages from your phones/computers to your email server.

SMTP is also used by the email server to send your message to the mailbox of your recipient’s email server. From there, the recipient’s email client can fetch your email message using either the Internet Message Access Protocol (IMAP) or Post Office Protocol (POP) and put it in their inbox, where they can read it.

Much like the postal department worked behind the scenes and used its own protocols to deliver mails, email protocols such as SMTP, IMAP and POP3 work hard behind the scene and transport mails from desk to desk.

Email configuartion

Most email clients can be configured to fetch mails using either POP3 or IMAP. The configuration is a series of steps which involves keying in your email servers address, port number and your account’s user name and password. The POP3 and IMAP setting for Rediffmail Enterprise are as follows:

Protocol

Server

Port

POP3

pop.rediffmailpro.com

995

IMAP

imap.rediffmailpro.com

993

 

If you have the choice of either POP3 or IMAP, which one should you go for? In order to make a choice, let us look at what each one of them really does.

POP3

POP3 works by establishing a connection between the email client (like Outlook, Thunderbird, Apple Mail, etc) and the POP3 mail server. It then downloads the email messages to the client device, and finally terminates the connection. Usually, the downloaded emails are deleted from the email server.

POP3 can also be configured to keep a copy on the email server. If the user chooses to delete downloaded messages, then the only copy of the emails are on the user’s device. This can be risky if the user’s device malfunctions or is unavailable when needed. Hence many organisations now prefer Web Mail over Desktop Mail.

Since emails are stored locally after they have been downloaded from the server, they can be viewed and edited offline, without requiring a permanent internet connection.

IMAP

IMAP also establishes a connection between the email server and client, but unlike POP3, it maintains this connection throughout the user’s session, not just when emails are downloaded.

With IMAP, all messages stay saved on the server after being downloaded by the email client, until the user decides to manually delete them. All changes done to the messages on a particular device like change of state from unread to read, copying/moving email messages to personal folders, flagging messages as important, etc are relayed back to the email server.

Any other device connecting to the email server to download messages also gets the email’s last changed state. This means that multiple devices can connect to the same IMAP mailbox, and all have the same access to the same email messages on the server. Like POP3, emails downloaded using IMAP on the user’s device can be viewed and edited offline. Any change in state of the email while offline is relayed to the server when the email client next connects to the email server.

It’s worth noting that IMAP does not always store the entire email locally by default.

Some clients will keep a few weeks’ worth of email to be accessed offline, but these may be stripped of any images and attachments.

With IMAP, there is the risk of being stuck without a connection and no way to access previously downloaded emails.

POP3 makes sense for individuals who access their email from a single machine, whereas IMAP is for those who use multiple devices to access email and desire to have a consistent view of the mailbox across all devices. POP3 is the simpler of the two protocols, and because POP3 routinely deletes mail from the server, it’s generally less of a burden on server resources. Users who are conscious about their mailbox size should choose POP3 over IMAP.

However with storage costs coming down, connectivity ever improving and the benefits of cloud computing, users can choose IMAP over POP3.

IMAP takes the cake with its capability to push new emails to the email clients. If a POP3 client has to automatically make all new mails available, it has to keep polling the email server at regular intervals. Frequent polling is an inefficient use of network and the device’s resources, increasing the cost to the user.  Also, with polling, new mail notifications are only as frequent at the polling frequency, and not ‘immediate’. Overall, polling is a poor solution for a user needing immediate notification of new emails.

IMAP : IDLE Command

The IMAP protocol supports a command called IDLE.  An IMAP server provides two things in response to a client’s IDLE command:

  1. An answer to the request.
  2. Information on any new messages.

This means that where an email client is actively doing things with an IMAP server, it will be notified immediately about new emails. The email client can then get summary information on the message to present to the user, and can automatically download the email message when appropriate.

The basic network use of the IDLE command is very small, and so it makes very efficient use of bandwidth.

Secure, Cloud based Enterprise Email Solution for Businesses and Professionals from the popular Rediffmail service

Is your Business email Spoof-protected?

Email Spoofing complaints are on rise & common methods adopted by scamsters is to send an email to your users from an anonymous proxy using your own domain.

How Email Spoofing is Identified?

Rediff Entperise Mailing make best efforts to track and block such attempts of spoofing through DKIM. All mails sent using Rediff SMTP are signed using DKIM technique If the mail is intended for internal (same domain) users, then DKIM signature can be verified on receipt & delivered in inbox. Mail failing to verify will be considered as SPOOF

DKIM primarily is useful in identifying spoof of same domain mails as it verifies mails sent by Rediff SMTP However there is a possibility some mails are sent using SMTP of other Service provider. For instance, Your domain is used to send some mails using third party system(SMTP) like Payroll, CRM, Email Marketing, etc. Such emails may not be signed using DKIM.

This could create a problem as Legit Mails will be identified as SPOOF, to avoid same SPF record must be added in your DNS wherein if IP address of such systems will be mentioned. We will check the IP from which the mail is sent & once verified we can be sure that the mail is not spoofed.

What is SPF?

SPF (Sender Policy Framework) is a system to help domain owners specify the IP addresses of servers which are authorized to send mail from their domain. The objective is that your recipient’s mail systems can check to make sure that the server sending email from that domain is authorized to do so. This helps in reducing the chances of email spoofing. Mail servers that accept emails do a SPF check by looking up the SPF record of the sender.

How to add SPF record?

SPF record is a Domain Name Service (DNS) TXT record that specifies which mail servers are permitted to send email on behalf of your domain. SPF is added the same way as a regular A, MX, or CNAME record.

If you do not use any third party system to send emails from your domain, then your SPF record should be as follows:

“v=spf1 redirect=_spf.rediffmailpro.com”

If you use any 3rd party system to send emails from your domain, then SPF record should also include the IP or subnet of the machine sending those mails as follows:

“v=spf1 ip4: include:_spf.rediffmailpro.com -all”

The IP or subnet will be shared by your other service provider & same is to be included with our SPF records as explained above. This will help to identify legit mails & not categorize them as SPOOF

DMARC builds on two existing and widely deployed email authentication techniques, the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

We recommend implementing DMARC (Domain-based Message Authentication, Reporting & Conformance) that uses SPF and DKIM to determine the authenticity of an email message.

Your DMARC record is published alongside your DNS records including:

  • SPF
  • DKIM
  • A-record
  • CNAME
Button-KnowMore