Is your email account scam resistant?

Knowing how reliant your business is on email requires you be one step ahead of the scammers.

That starts with using a premium level service provider and, if you’re using a mail service attached to your domain name, that it is configured to deflect spam and scams.

What used to be ‘okay’ in terms of setup is now sub-standard, largely due to COVID-19 and a chunk of downtime used by idle hands to raise the volume of scams and spam. You are likely seeing emails from others end up in junk/spam or get reports that’s where your own email ends up.

Every day, Gmail (who handle approximately 20% of world’s emails) block more than 100 million phishing emails. Microsoft block a similar amount.

The MessageLabs Intelligence security report show more than 89% of emails on the network are ultimately labelled spam.

While the email service providers are continually raising their bar in reaction, many of us have domain account setups that can be exploited and don’t even know it.

This relates to our account being prone to email domain hijacking (spoofing) or mis-labelled as a source of spam. Scammers and spammers look for these exploits, and in doing so, take your good reputation for their gains and once it’s been destroyed, walk away.

So, what do we do about it? There are a couple of easy steps to raise our own bar.

One: is to use a premium email service provider (such as Microsoft, Google, Protonmail or similar).

Two: is to ensure your domain name records include digital signature and sender verification details.

Why isn’t this part of your standard setup? It is if you’re setting up an email service today (if the person setting it up is aware of the minimum’s). As most of us are already in existence there is a bit of homework:

Do you know if your email service includes SPF, DKIM and DMARC details lodged in your domain name records?

If you do, when were they last checked?

If you don’t, do you have someone who can check?

You can check yourself with these great (and free) tools. Simply enter your domain name and see what you learn:

https://mxtoolbox.com/SuperTool.aspx

https://stopemailfraud.proofpoint.com/spf/

https://toolbox.googleapps.com/apps/checkmx/

If your business relies on email you need to know these records are in place.

SPF and DKIM records are like adding a seat belt in your car (DMARC is the trifecta although not as important). End of analogy.
They simply narrow use of your mail account to known services (such as your website sending you a contact form or if you use a mail service provider like Mailchimp or Sendgrid). There are many great articles available on the Internet that explain this in greater detail including getting these records added. If you’d like me to check for you (it’s free and easy to do), email me [email protected] and I’ll respond with the results and discuss how easy it is, and if any changes are needed.