Unauthenticated mail! Currently, we are receiving many inquiries about mails that have been rejected by Gmail…

Do you feel the same way and wonder what this error message means?

 

Wondering what you can do to stop receiving this error message?

Then this blog article on SPF and DKIM is the right place for you! In the following, we would like to use our expert interview to explain what you can do to give your e-mails a “free ride” to Gmail addresses again.

The interview was conducted by Julia Wolff with SecuMail^® expert Andreas Erhard. Andreas holds a master’s degree in applied computer science and works at SecuMail as Head of Development.

Julia: Hello Andreas. It’s nice that you were able to take the time to explain to me why all emails that go to Google accounts are currently rejected. Am I doing something wrong?

Andreas: With pleasure. It’s true, we are currently receiving many requests for mails to Google accounts that have been rejected. And no, neither you nor the customers are doing anything wrong! It’s Google’s fault. More precisely, in the security settings at Google. These have been increased and this now leads to the rejection of all mails that do not meet the new security standards. As part of its security standards, Google now requires confirmation of the identity of every sender.

Julia: What can I do then? How do I adapt my e-mails to Google’s increased security standards? How do I verify my identity?

Andreas: Yes, you or the system administrator can do something. There are even two ways to confirm the identity: either SPF or DKIM must be set up in the domain’s DNS.

Julia: What does SPF mean? And how is it set up?

Andreas: SPF is the abbreviation for Sender Policy Framework. This is a technique that is set up in the domain’s DNS system that proves that the server from which an email comes is authorized to send emails for that domain. Read more: How do I set the SPF record for my domain?

Julia: Is it enough to store a mail system in the SPF ?

Andreas: No, unfortunately that’s not enough! It is important to list all mail systems and mail service providers that your IT infrastructure uses in the SPF . By the way, this also applies to newsletters and contact forms, if they are located on other servers. In other words, a whitelist is created and it is also determined how emails from unnamed systems or providers should be handled:

1. Emails that do not comply with the policy will be rejected (-all)
2. Emails that do not comply with the policy are quarantined or are used as pot. undesirable. (~all)
3. SPF record is defined, but addresses outside of it may also be marked by (?all)

 

A little tip: You can check the SPF status of your domain with the mail server multi-tool from mxtoolbox .

You can carry out a general security analysis using SecuMail^® : Mail server analysis

 

 

Julia: And what does DKIM mean?

Andreas: DKIM is the abbreviation for Domain Keys Identified Mail. It is an identification protocol for ensuring the authenticity of e-mail senders, which is based on cryptographic signing of e-mail content. By the way, the DKIM procedure can also be combined with SPF . DKIM is a bit more complex to set up, as it requires software to create the signatures on the mail server. It the setup of SPF is usually sufficient to be able to access Gmail accounts again.

Julia: What exactly is DKIM and is it safer than SPF?

Andreas: DKIM is a cryptographic signature method. In this procedure, an entry is stored in the DNS system of the domain in question, which makes it possible to check the authenticity of e-mail signatures. The DKIM signature procedure offers a decisive advantage: the e-mail signature in question remains valid even if the e-mail has been redirected via another server!

Julia: Do I have to make all this effort just because of Google’s increased security standards?

Andreas: If you know how, it’s not that time-consuming! And setting up SPF or DKIM in the DNS means that emails can reach Google accounts again, but it offers another advantage: You protect yourself and others from phishing and spoofing attacks that could be carried out in your name! Read more: DMARC protects against fake senders

Julia: That sounds exciting! Could you give me an example?

Andreas: Sure, gladly! Suppose you receive a supposed email from SecuMail^® from Brazil (note: or from any other country or from any other sender) asking you to update your account. However, this mail does not come from SecuMail^®, the content is fake and the link in the mail lures you to a page where you are supposed to reveal your access data.

To ensure that these phishing or spoofing emails cannot cause damage but are blocked, it makes sense to set up SPF or DKIM .

Julia: Thank you Andreas. Can I contact you again if I have any further questions?

Andreas: Anytime! My SecuMail^® colleagues and I are there for you and all other interested parties. If you have any questions or other concerns about e-mail security, we will of course be happy to help. Contact by e-mail to support@secumail.de or by phone at +49 (0) 8171-246920!

You can also find more information on our YouTube channel or our encyclopedia:

https://www.youtube.com/watch?v=e7zymb4hpf0

or:

https://www.secumail.de/2022/05/31/dmarc-erweiterter-schutz-gegen-phishing-spoofing-und-spam/