Email security and reputation issues. The solution

Image: Screenshot of email
By Martin Barringer on

Email. The problem:

If you are finding that a significant percentage of your business email is disappearing into the ether, you are not alone. The reputation of corporate email domains has been under potential spoofing attack for years.  The SMTP protocol was not originally designed to function over unsecured networks such as the internet, so over time authentication mechanisms have been deployed to address these short comings.  If deployed incorrectly this can, in an extreme situation, lead to the flow of business email stopping all together.

So how do you provide authentication for SMTP?

Below are the key features which when adopted can help to secure and enhance the email domain’s reputation with authentication mechanisms:

  • TLS
  • SPF
  • DKIM
  • ARC – In Development

What is TLS?

TLS stands for “Transport Layer Security”.  This allows encryption of the transport between source and target servers.  Protecting the transport of content only.

What is SPF?

SPF stands for “Sender Policy Framework”.  This provides a list of source servers which can send as the corporate email identity such as

What is DKIM?

DKIM stands for “DomainKeys Identified Mail”.  This adds a signature to outbound email messages signing the email header.  This is not related to whole message encryption.

What is DMARC?

DMARC stands for “Domain Message Authentication Reporting and Conformance”.  Essentially this is a reporting feature.  Reports are produced (in XML format) by remote servers and sent to defined email addresses.  Generally, a 3rd party provider turns these reports in a usable format for consumption.

What is ARC – In Development?

ARC stands for “Authenticated Received Chain”.  This provides a signature for the message header.  If this does not match the expected it triggers an action depending on DMARC current configuration.  This has been adopted by Google at an early stage and is being reviewed by major providers.  Most don’t support this feature so currently one to review.


Adoption of these features can help protect and enhance the reputation of your email identity.  Combined, these features make it harder for 3rd parties to perform spoofing and impersonation using your corporate domains.  Furthermore, adoption can allow you to gain visibility via aggregate and per-failure reports.  Through these reports, 3rd party servers using your corporate email identity can be visualised.

How Can Silversands Help?

Silversands can work with you to help adopt these features.  We can guide you through the changes required, advising on adoption planning and strategy. If you would like to speak to one of our consultants please complete the form below.

For your information we run regular workshops and webinars providing the latest updates and expert advice about Microsoft 365, Cloud and Hybrid IT, security, compliance and partner tools. We also post regular blogs so please do follow us.

Contact us

  • This field is for validation purposes and should be left unchanged.

We have the expertise and the experience to provide specialist solutions and drive your business forward

Get in touch