Problem
You notice that some emails are sent on behalf of the customer's domain without authentication or authorization.
Environment
- Gmail
Solution
Implement the authentication methods SPF, DKIM and DMARC in the DNS host provider as TXT records.
- Ensure mail delivery & prevent spoofing with SPF.
- SPF lets you specify the servers and domains that are allowed to send email for your organization. When receiving mail servers get a message from your organization, they compare the sending server to your list of allowed servers. This lets receiving servers verify the message actually came from you.
- Increase security for outgoing email with DKIM.
- DKIMs adds an encrypted digital signature to every message sent from your organization. Receiving mail servers use a public key to read the signature, and verify the message actually came from you. DKIM also prevents message content from being changed when the message is sent between servers.
- Enhance security for forged spam with DMARC.
- DMARC tells receiving servers what to do with messages from your organization when they don't pass either SPF or DKIM. DMARC also sends reports that tell you which messages pass or fail SPF and DKIM. These reports help you identify possible email attacks and other vulnerabilities.
Cause
The domain is unauthenticated.