One of the key challenges in email today is for a recipient to know whether the email he or she receives can be trusted and is not a scam. Phishing, the fraudulent use of email to acquire personal information from the receiver in order to perpetrate identity theft, is a huge problem. In my latest column in SecurityWeek, I’ve provided some best practices and education around DomainKeys Identified Mail (DKIM) verification, and walked through why it’s important for organizations to consider these best practices in order to instill trust in email and prevent phishing.
For example, the article covers best practices in the following areas for DKIM Verifiers that are relevant to receivers of email:
- Respecting the testing flag
- Exposing authentication-results
- Not assuming that success means it isn’t spam
- ADSP discardable email and the risk of dropping email and blaming the sender
Email fraud is very easy to perpetrate, and enterprises can trust email and prevent phishing by implementing these best practices in their organizations. More detailed information on this topic can be found in the contributed column in SecurityWeek, “DKIM Verification Best Practices – Bringing Trust Back to Email”, which can be viewed here.
Once you have a chance to read more detail, and have opinions of your own to share, feel free to comment below.