In the past, email offered little security when sending mail to a contact. There was limited or no verification of the sender's identity or of the integrity of the messages themselves. As a result, spammers and phishers were able to forge emails pretending to be from any domain they chose.
However, over the last ten years the widespread adoption of three important standards has significantly enhanced the security of email communications. In fact, they have proved so successful that we've adopted them as our own standards. So, while the detail of these standards is slightly complex, we thought we'd summarise their purpose and use.
Sender Policy Framework (SPF)
The first of these is the Sender Policy Framework (SPF), a standard that allows domain owners to create DNS TXT entries that list the mail servers that can send mail on their behalf. Receivers of email can then reject email that does not come from an authorised source. On its own, SPF is valuable, but additional protection is provided by combining it with the next standard, DomainKeys Identified Mail (DKIM).
DomainKeys Identified Mail (DKIM)
The DKIM standard is an email authentication method that allows the receivers of email to check that it has been authorised by the owner of the domain. It also allows partial checks on the integrity of the email, and confirmation that the email has not been tampered with in flight. In this case, DNS CNAME records are added to provide a public key that can be used to validate the email headers and message body.
Note that if your email services are provided by Microsoft then only the default onmicrosoft.com domain is protected with DKIM. You need to add the records necessary to protect your custom domain by following the instructions here.
Domain-based Message Authentication, Reporting and Conformance (DMARC)
The Domain-based Message Authentication, Reporting and Conformance (DMARC) standard is used to publish a sender's policy for handling mail from their domain. It specifies whether SPF, DKIM or both are being used for the sender domain, and what receivers of mail should do if mail fails the specified checks. This policy is published as a TXT record in the domain owner's DNS.
EnergySys does not support the use of DMARC to allow problems in DKIM or SPF to be ignored.
Implementing Secure Email Services
Implementing all three of these can dramatically increase the trust receivers place in mail they receive from your domain. The email service must be configured with these protocols by the administrators of the sending domain. Your DNS provider will undoubtedly have detailed instructions on setting them up.
EnergySys supports the transfer of data to your instances via email. We have checks in place to limit email exchange to permitted senders, but these may be less effective if we are unable to confirm that the sender information is genuine. For this reason, we enforce the use of the standards described above, and will reject email that does not pass these tests.
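Before sending to a receiver that enforces these standards, a domain administrator can check the published TXT records for settings that weaken them. The Python below is an added example, not EnergySys code or tooling: the function names, the example.com records and the choice of what to flag (a non-hard-fail SPF `all`, a DMARC policy other than quarantine or reject) are assumptions made for illustration.

```python
# Constructed TXT records for the made-up domain example.com (not real data).
WEAK = (["v=spf1 include:_spf.mail.example ~all", "site-verification=abc123"],
        ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"])
STRICT = (["v=spf1 ip4:192.0.2.10 include:_spf.mail.example -all"],
          ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"])

def parse_spf(txt):
    """Return (mechanisms, modifiers) for an SPF record, or None if not SPF."""
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if "=" in term.split(":", 1)[0]:      # modifier, e.g. redirect=...
            key, value = term.split("=", 1)
            modifiers[key.lower()] = value
        else:                                 # mechanism, default qualifier "+"
            qualifier = term[0] if term[0] in "+-~?" else "+"
            mechanisms.append((qualifier, term.lstrip("+-~?").lower()))
    return mechanisms, modifiers

def parse_dmarc(txt):
    """Return the DMARC tag dict, or None if the record is not DMARC."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    return tags if tags.get("v") == "DMARC1" else None

def audit(domain_txt, dmarc_txt):
    """List weaknesses in the TXT records at a domain and at _dmarc.<domain>."""
    findings = []
    spf = [p for p in map(parse_spf, domain_txt) if p is not None]
    if len(spf) != 1:                         # several SPF records is an error
        findings.append("spf: expected exactly one v=spf1 record, found %d" % len(spf))
    else:
        mechanisms, modifiers = spf[0]
        alls = [q for q, m in mechanisms if m == "all"]
        if not alls and "redirect" not in modifiers:
            findings.append("spf: no 'all' or redirect, unlisted senders are neutral")
        elif alls and alls[0] != "-":
            findings.append("spf: '%sall' does not hard-fail unlisted senders" % alls[0])
    dmarc = [t for t in map(parse_dmarc, dmarc_txt) if t is not None]
    if len(dmarc) != 1:
        findings.append("dmarc: expected exactly one v=DMARC1 record, found %d" % len(dmarc))
    else:
        policy = dmarc[0].get("p", "").lower() or "missing"
        if policy not in ("quarantine", "reject"):
            findings.append("dmarc: policy '%s' does not quarantine or reject" % policy)
    return findings
```

To run it against a live domain, pass in the TXT strings returned by your DNS lookup tool for the domain and for `_dmarc.` followed by the domain.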