If you want to protect your email domain from spoofing and phishing attacks, you need to configure some authentication methods that verify the identity of the sender and the integrity of the message. In this blog post, we will explain how to configure SFP, DKIM, DMARC, and Defender for Office 365 to enhance your email security.
If you don’t want to read all of this go ahead and what this video instead.
SFP stands for Sender Policy Framework. It is a DNS TXT record that lists the authorized sending IP addresses for your domain. When you send an email, the receiving server checks your SFP record to see if the IP address matches. If it does, the email passes the SFP check. If it doesn’t, the email may be rejected or marked as spam.
DKIM stands for DomainKeys Identified Mail. It is a way of adding a digital signature to your email headers using public-key cryptography. When you enable DKIM for your domain, you generate a pair of keys: a private key that encrypts the signature and a public key that is published in your DNS records. The receiving server uses the public key to decrypt the signature and verify that the email was not tampered with.
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It is a DNS TXT record that tells the receiving server what to do with emails that fail SFP or DKIM checks. You can specify a policy of none, quarantine, or reject, depending on how strict you want to be. You can also request reports on how many emails pass or fail the authentication checks.
Defender for Office 365 is a cloud-based service that provides advanced protection against email threats such as malware, phishing, spoofing, and impersonation. It uses machine learning and behavioral analysis to detect and block malicious emails before they reach your inbox. It also gives you visibility and control over your email security posture.
Configure SFP, DKIM, DMARC, and Defender for Office 365 Process:
To configure SFP, DKIM, DMARC, and Defender for Office 365 for your domain, you need to follow these steps:
- Log in to your DNS provider and add an SFP record that includes all the IP addresses that are authorized to send email from your domain. For example: v=spf1 ip4:192.0.2.0/24 include:spf.protection.outlook.com -all
- Log in to your Microsoft 365 Defender portal and enable DKIM for your domain. You will need to create two CNAME records in your DNS provider that point to Microsoft’s DKIM selector records. For example: selector1._domainkey.contoso.com CNAME selector1-contoso-com._domainkey.contoso.onmicrosoft.com
- Log in to your DNS provider and add a DMARC record that specifies your policy and reporting options. For example: v=DMARC1; p=reject; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org
- Log in to your Microsoft 365 Defender portal and enable Defender for Office 365 features such as Safe Attachments, Safe Links, Anti-phishing, and Anti-spoofing.
By following these steps, you will be able to configure SFP, DKIM, DMARC, and Defender for Office 365 for your domain and improve your email security.
You can always use MX Toolbox to double check your records or compare aganist other domains like mine to see if they are configured correctly.
- GoPro Hero 10 (The One I Use):
- GoPro Hero 11 (New Model):
- GoPro Hero 11 Creator’s Kit:
- Logitech Brio 4k Webcam:
- Microsoft Modern Webcam:
- Elgato Wave:3 Microphone:
- Movo VXR10 Universal Video Microphone:
- Phillips Hue Light Strip:
- Xbox Controller – Pulse Red:
- Elgato Stream Deck v1( The one I use):
- Elgato Stream Deck MK.2 (New model):
- Logitech Z207 2.0 Multi Device Stereo Speakers:
- Lenovo ThinkVision 27″ Monitors:
Only Amazon Links are Affiliate Links, and I may receive a small commission. Other links do not have any type of commission or sponsorship unless otherwise specified.