Impersonation Protection
Spam that attempts to impersonate another person, for example by sending an email with a fake sender address (i.e. spoofing), is a common type of spam.
Mail Assure uses three main methods of sender authentication to help combat phishing and spoofing attempts:
- SPF (Sender Policy Framework)
- DKIM (DomainKeys)
- DMARC (Domain-based Message Authentication, Reporting & Conformance)
Mail Assure also implements several other technologies to help combat phishing and spoofing attempts:
- IP reputation
- Header inspection
- Domain reputation
- Email reputation
- Domain and link analysis
- RFC alignment
- Content checks
- Signature checks
- Advanced Rules
- What is threat intelligence?
What sender authentication methods are used?
SPF is used to restrict which mail servers are allowed to send email for your domain name. This framework is designed to detect and block email spoofing by providing a mechanism that allows receiving mail servers to verify that incoming mail from a domain comes from an IP address authorized by that domain's administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records in the form of an SPF record, which is a specially formatted TEXT record.
For full details, see Set up SPF.
SPF is tied to the envelope sender address only, so we recommend the use of SPF in conjunction with the use of DKIM and DMARC.
DKIM is an email authentication method designed to detect forged sender addresses in email. When outgoing messages are signed with DKIM, recipients can verify that a message is from the sender it claims to be from and that the content of the message has not been modified.
DKIM assists in the prevention of email spoofing and phishing. See DKIM Certificate Generation for information on how it works and how to use DKIM certification.
A DKIM signature may be added by the original author or other systems that process the message.
DMARC is an email protocol designed to help prevent email spoofing when used in conjunction with SPF and/or DKIM, and gives the administrator of the receiving server the ability to act on messages when the criteria are not met. DMARC also provides the tools for senders to monitor the abuse of their domains. See our page dedicated to DMARC for full details on how it works and how to use it.
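How DMARC ties the SPF and DKIM results back to the visible From address can be shown with a short evaluation routine. This is an added example, not Mail Assure's implementation: the function names, the sample domains and the two-label shortcut for the organizational domain are assumptions of this sketch (real receivers use the Public Suffix List).

```python
def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; adkim=s' into a dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match); anything else = relaxed (same org domain)."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate_dmarc(header_from, envelope_from, spf_result, dkim_signatures, record):
    """Return (dmarc_result, requested_disposition).

    spf_result is the SPF verdict for the envelope sender's domain;
    dkim_signatures is a list of (d= domain, signature_verified) pairs;
    record is the DMARC TXT record published by the header From domain.
    """
    policy = parse_dmarc(record)
    if policy.get("v") != "dmarc1":
        return ("none", "none")            # domain publishes no DMARC policy
    from_domain = header_from.rsplit("@", 1)[-1]
    env_domain = envelope_from.rsplit("@", 1)[-1]
    # SPF only counts if it passed AND the envelope domain matches the From domain.
    spf_ok = spf_result == "pass" and aligned(
        env_domain, from_domain, policy.get("aspf", "r"))
    # DKIM only counts if a verified signature's d= domain matches the From domain.
    dkim_ok = any(verified and aligned(d, from_domain, policy.get("adkim", "r"))
                  for d, verified in dkim_signatures)
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", policy.get("p", "none"))

# Constructed sample: SPF passes for the envelope domain, but the From domain differs.
RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r"
SPOOFED = evaluate_dmarc("ceo@example.com", "bounce@mailer.example.net",
                         "pass", [], RECORD)
```

The constructed `SPOOFED` case shows why SPF alone is not enough: SPF passes for the envelope domain, yet DMARC fails because that domain is not the one in the From header.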
What other protection methods does Mail Assure use?
Mail Assure uses its own internal reputation data alongside multiple public, private, and commercial feeds to look at IP address reputation. This is extremely powerful when evaluating the reputation of the sender IP against data points such as the number of failed SPF attempts, invalid recipients, malware attacks, etc.
In-depth header analysis is performed on any inbound message to look for many tell-tale signs of phishing. We look at routing information and message metadata to determine suspicious characteristics for threat emails.
As with IP reputation, Mail Assure uses its own internal reputation data alongside multiple public, private, and commercial feeds to look at the domain's reputation. This is used not only to check the sender domain but also any domain in the body of an email. Domain age checks are also performed, which can affect how the mail is handled.
Mail Assure uses a very large dataset of sender reputation for all emails filtered, including several factors for the sending network, sending systems, sending history and more. If a sender is a known spammer from the dataset, the message can be caught prior to making it to your mailbox. This allows threats to be detectable based on our history.
Mail Assure uses several internal and external sources for data to determine the validity of domains and links within messages. This can prevent threats reaching users by blocking messages with commonly seen phishing links and suspicious activity.
Checks are performed to make sure each email conforms to the Internet Engineering Task Force RFC guidelines. Many illegitimate senders do not adhere to these, making it an easy spam signal to spot. All major email providers and systems comply with these rules. Non-compliance is common for disreputable bulk mailers.
Message content is checked against fuzzy checksum systems and compared against a huge dataset of verified examples of good and bad messages, assisted by statistical analysis, to help determine the legitimacy of the message.
Mail Assure uses many custom signature datasets designed to target specific types of email-borne threats, for example, macro-based malware, phishing, and more. The solution uses its own internal datasets as well as third-party feeds, updated around 30-50 times a day.
Mail Assure users can use our simple and advanced rules system to easily protect users from business email compromise (BEC) spam. This is especially effective against BEC and phishing.
To learn more about advanced rules, see Add an Incoming Block list Filtering Rule. For some example regular expressions and a quick reference guide, see Advanced Filtering Rule Examples and Quick Reference.
Mail Assure's global threat intelligence team constantly monitors the world of threats and has tools to act on live threats when needed, proactively updating the filters to ensure maximum email threat detection and minimize false positives.
Examples
Please check here for some examples of spoofing.