Spoof Detection
Secure Email Gateway offers the following spoof detection features:
For inbound email you can provide:
- Protection at the connection level. Suspect emails can be rejected if a problem is detected between the sending domain and email sender. When enabled, spoof detection provides protection against email originating from outside your organization that has a forged sender with an internal email address.
- Protection at the email content level. This is provided by DKIM (DomainKeys Identified Mail) as part of Junk Email Detection within your spam policy.
To provide trust to mail exchangers that receive email from your organization's domains, you can use DKIM signing. DKIM uses public and private keys, along with DNS records, to validate outbound email that is sent from your organization. When configuring spam settings, you can configure DKIM verification on inbound messages.
To avoid messages from trusted sources being blocked by spoof detection, add them to an Allow List.
How DKIM signing works
DKIM is an email validation system designed to detect email spoofing. It provides a mechanism that allows receiving mail exchangers to check that incoming mail from your organization's domain is authorized by your organization.
It does this by including a DKIM signature within the email. The signature can then be validated by the recipient by identifying the paired public key as published in the DNS. The public key is the key a sender gives to a recipient so that the recipient can verify the sender's signature and confirm that the message was not altered. Recipients also use the public key to encrypt email messages to the sender.
To enable DKIM signing you need to create a public and private key pair, and a DNS record for each of your organization's domains. The private key is the secret key kept on the sender's computer that the sender uses to digitally sign messages to recipients and to decrypt messages from recipients. Private keys should be password protected.
DKIM verification can fail if the "system times" of the sending and receiving message transfer agents are not synchronized to within 5 minutes. System times are not affected by time zone differences.
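The following is an added example, not code from the product: it parses a DKIM-Signature header value, derives the DNS name under which the paired public key is published, and shows how clock drift beyond 5 minutes turns a valid signature into a failure. How the gateway itself evaluates timestamps is not described on this page; using the RFC 6376 `t=` and `x=` tags with a 5-minute tolerance is an assumption, and the header, domain and selector are constructed placeholders.

```python
import re

SKEW = 5 * 60  # tolerance in seconds, taken from the 5-minute figure above

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue  # empty segment after a trailing ';'
        name, _, val = part.partition("=")
        # Folding whitespace inside values (b=, bh=) carries no meaning.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_record_name(sig):
    """DNS name whose TXT record holds the public key: <s>._domainkey.<d>."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def check_times(sig, now):
    """Return time-related problems as seen by the verifier's clock (epoch seconds)."""
    problems = []
    t = int(sig["t"]) if "t" in sig else None  # signing time
    x = int(sig["x"]) if "x" in sig else None  # expiry time
    if t is not None and t > now + SKEW:
        problems.append("signed in the future: signer and verifier clocks disagree")
    if x is not None and now > x + SKEW:
        problems.append("signature expired")
    if t is not None and x is not None and x <= t:
        problems.append("x= is not later than t=")
    return problems

# Constructed sample header value; domain, selector and hashes are placeholders.
SAMPLE = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=gw2024;\r\n"
          "\tt=1700000000; x=1700003600; h=from:to:subject:date;\r\n"
          "\tbh=PLACEHOLDERBODYHASH=; b=PLACEHOLDER\r\n\tSIGNATURE=")

if __name__ == "__main__":
    sig = parse_tags(SAMPLE)
    print("query TXT:", key_record_name(sig))
    # Verifier clock relative to signing time: in sync, 200 s behind,
    # 15 min behind, and 15 min past expiry.
    for offset in (0, -200, -900, 3600 + 900):
        print(offset, check_times(sig, 1700000000 + offset))
```

The public key lookup itself (a TXT query for the derived name) and the cryptographic check are left out so the example runs offline.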