During the Corona crisis, communication via email has gained great importance. Cyber criminals take advantage of the insecurity of many citizens to obtain money by fraudulent emails. Despite current domain authorization through SPF Records, malicious emails can still get into the mailboxes of victims. Hornetsecurity’s new self-service module “Email Authentication” offers a solution to this problem: users can now choose how to deal with scanned malicious emails at the touch of a button.

Authentication methods SPF, DKIM and DMARC

The verification is performed using the authentication methods SPF, DKIM and DMARC. In combination, these procedures function as a secure instrument against attacks on email communication. Thus, current spam, spoofing, phishing and malware attacks as well as targeted CEO fraud attacks can be blocked. This corresponds to the recommended security standard of the German Federal Office for Information Security.

The SPF authentication process recognizes emails sent with unauthorized sender addresses of the sender domains. The DKIM authentication process detects emails that have been modified during transit. And the DMARC authentication procedure ensures that the envelope sender address matches the body form address.

Hornetsecurity offers individual adjustment possibilities

Hornetsecurity now provides administrators and analysts with a number of options to customize the default settings of the authentication procedures to the individual needs of the users. While Hornetsecurity’s support team had to individually define the settings of the authentication procedures for customers for many years, this is now possible at the push of a button in a self-module.

For example, the results of the SPF authentication procedure can be displayed differently. Depending on whether the verification result is a hard or soft fail, an email is quarantined, rejected or delivered.

The SPF authentication procedure can also be used to individually define which components of the emails are to be analyzed. The following options are available:

  • analyze “envelope from” only,
  • only parse ‘header from’,
  • analyze ‘envelope from’ and ‘header from’.

With the DMARC and DKIM authentication procedure, it is possible to reject suspicious emails directly so that they are not stored on the server. By default, they are moved to quarantine.

Checklist for protection against email attacks

Despite all security measures, the following rules still remain valid in the end: Be careful when handling emails and their attachments. Caution is required for emails with long sender addresses or general addressing. Personal details should not be confirmed and winning notifications can also be ignored.