Category Archives: Knowledgebase

Your Email Delivery Checklist

Email delivery can be complicated.  New technologies have emerged to help inbox providers protect themselves and their customers from spam and fraud emails, but these can also stop legitimate emails from being delivered.  How do you protect your email delivery?

Our MxToolbox Email Experts have created a checklist to help you improve your email delivery.  Learn more

Homeland Security Directs Agencies to Adopt DMARC

As a business or a government agency, you may wonder “why would I spend the time and money to adopt DMARC?”  The answer is that DMARC can help ensure your emails get delivered and protect your brand and customers from phishing and fraud while giving you valuable information about the email you are sending, including SPF alignment, DKIM authentication and forensic information on failures and the quality of the configurations of your senders.

Because of the inherent value in adopting DMARC, the US Department of Homeland Security and the UK government have made DMARC adoption a requirement for government agencies.  If you aren’t ready to adopt DMARC, you’re behind.  But, MxToolbox can help you.  Learn More

The State of DMARC – Fortune 500 vs Alexa 1000

DMARC adoption is accelerating. From the initial launch in 2012 by email inbox providers trying to protect their users to large companies looking to improve email delivery, DMARC has achieved worldwide adoption. However, new technology like DMARC goes through a cycle of adoption, and DMARC appears to be lagging among companies that would be typical targets for spoofing, spamming and hacks – Fortune 500 and Alexa 1000 domains.

Print

MxToolbox’s State of DMARC Adoption is a periodic evaluation of how inbox providers, businesses and government organizations are progressing in adopting DMARC to protect their inbound and outbound email.  As your expert in email deliverability, MxToolbox is committed to helping you protect your email so that your business can thrive.  DMARC adoption is paramount to improving your email deliverability.  Read more.

DMARC is the key to improving Email Deliverability!

Email is the key to your customer communication strategy.  But, what is your email reputation?

Setting up and managing your DMARC configuration is the key to getting insight into your email delivery.  MxToolbox is the key to understanding DMARC.

MxToolbox Delivery Center gives you:

  • Who is sending phishing email purporting to be from your domain
  • What is the reputation of your domains and delegated IPs
  • Where other senders are and What their reputations are
  • How your SPF, DKIM and DMARC setup is performing

Learn More

 

 

Threat Investigation in Delivery Center

Email delivery is under assault by spammers and hackers world-wide.  Your brand and domain name can be leveraged to send spoofing emails, malware and spam to your customers, your suppliers and even to random strangers.  Unfortunately, the potential for abuse is no longer restricted to larger companies as hackers and spammers attack smaller, less protected companies.  Regardless of the size of your business, you need to protect yourself.  Several small businesses using MxToolbox Delivery Center have recently discovered that as much as 90% of the email volume reportedly coming “From” their domain is spoofed, leading to blanket denial of their email delivery.  Any company can have their business completely crippled by this type of spoofing.  How do you investigate and prevent email spoofing to improve email deliverability and protect your business?

Introducing, MxToolbox Threat Investigator!

Screen Shot 2018-08-22 at 4.20.01 PM

Investigate threats to your email delivery in a consolidated interface.

Continuously striving to increase our customers’ email delivery rates, MxToolbox is excited to unveil a new product feature that will help your business achieve ideal deliverability.   With Threat Investigator, our customers get in-depth details on potential email delivery threats, including threatening IP addresses, geo-location, related domain information, reverse domain name system (DNS), autonomous system name/number (ASN), threat volume, and online reputation (MxReputation).  Threat Investigator provides everything you need to analyze current and potential email threats to email delivery and take steps to prevent these threats from impacting your business.

Screen Shot 2018-08-22 at 4.18.53 PM

Leverage ASN, Geo-location and Reverse DNS to categorize threats.

Because online communication is essential for your business, MxDelivery Center with the new Threat Investigator feature examines issues associated with outbound email, focusing on any encountered delivery difficulties. Moreover, this product identifies ongoing phishing and spoofing campaigns that threaten your brand and email reputation. Being able to recognize these threats early preserves your company name and helps overall message deliverability.

In addition, this innovative feature also provides phishing and legitimate email failure samples as references for investigation purposes. All of this is at your disposal for comparison exercises and to further enhance your familiarity with threats as they emerge.

Screen Shot 2018-08-22 at 4.32.50 PM

Threat Investigator integrates MxToolbox blacklist reputation to give you more insight.

MxToolbox’s Threat Investigator gives you unmatched awareness of threats to your company’s email practices. Your messages deserve safeguarding, and MxToolbox provides the tools necessary to protect and deliver your business email. Rely on our team of experts to help your emails get delivered by using the new Threat Investigator feature to reinforce your brand.

Existing customers: As a valued MxToolbox customer, you will have access to the Threat Investigator tool (depending on your current product subscription level). If you do not have access and would like to use this new feature, be sure to upgrade your plan to take advantage of MxToolbox’s Threat Investigator item.  Your business and your customers will greatly benefit from its addition.

The State of DMARC Adoption – Inbox Providers in 2018

Print

There is a lot of buzz surrounding DMARC right now.  And most people have questions like:

  • How many companies are adopting DMARC?
  • What is the volume of email sent to companies and governments that have adopted DMARC?
  • Is it necessary for your business?

As your expert in Email Delivery, MxToolbox is constantly looking at technologies that affect your business.  For years, the biggest worry for companies like yours was being blacklisted. Now, email delivery is more complex and requires constant evaluation of your email senders and their compliance with new technologies like SPF, DKIM and DMARC.  In our State of DMARC Adoption, we evaluate how quickly companies are adopting DMARC and how DMARC can affect your business.  Learn More.

 

Identifying Email Phishing

There are two types of email phishing:

  1. Phishing emails that come to you
  2. Phishing emails that come from you

Consumers are typically the target of phishing emails, while the domains of businesses with great brands are typically used to send the false emails.  In a separate blog post, our experts discuss how to recognize phishing email in your inbox.  In this post, we will discuss recognizing phishing email that leverages your business’s domain.

Why would I care if phishing comes “from” my domain?

Put yourself in the place of your customers, partners and suppliers.  If you received an email that appeared to be from one of them but it turned out the be phishing, would you still trust them?  Would that erode their brand in your mind?  Would you be more likely to check their legitimate emails for mistakes, issues, and threats?  Phishing using your domain hurts your brand, even when your customers know that you are not responsible!

Further, phishing puts your email delivery at risk.  Increasingly, email inbox providers like Google, Yahoo! and Outlook.com look at the domain an email comes “from” and what the reputation of that domain is in their systems.  If your domain name has been used for phishing, then all of your email may come under additional scrutiny.  If uncontrolled, this could lead to mistaken blacklisting or lower inbox placement.

How do I recognize phishing from my domain?

Occasionally, email recipients will ask you directly “Did you send this email?”, but by then, it’s already too late.  Phishing emails are like cockroaches – seeing one means potentially hundreds hidden in the woodwork.  Without adopting three new(ish) technologies, you really can’t know when your domain is being used for fraud and phishing.

The technologies you need to think about are SPF, DKIM and DMARC, and each work together.  SPF allows you to tell the world who can send email on your behalf, DKIM allows you to digitally sign your emails and DMARC allows you to designate an email address for feedback on your email, among other things.  Once you have SPF and DKIM setup for most of your email, you can get feedback on your email via the email address in the DMARC record.  Each email inbox provider (Google, Yahoo!, Outlook.com, etc.) will provide feedback containing everyone sending email for your domain – legitimate and phishing – that they received.  You’ll want to comb through that feedback to identify IP addresses and domains not legitimately connected to your business.

How do I stop phishing with my domain?

Here again, SPF, DKIM, and DMARC are important technologies to understand.  IP addresses and Domains that fail alignment or authentication with SPF, DKIM or DMARC will be likely candidates for phishing scams.  However, these may also be legitimate senders that are misconfigured or not included in you SPF.  You will want to investigate each to make a determination as to their legitimacy.

Once you are sure you know who is legitimate and that they are passing SPF, DKIM and DMARC checks, you can begin to tell inbox providers what to do with email that fails these checks.  DMARC allows you to set the steps a recipient should take with email that is failing SPF, DKIM and/or DMARC checks:

  • None – Do Nothing
  • Quarantine – Set this email aside and tell me you quarantined it
  • Reject – Bounce the email entirely

Your DMARC record also allows you to set the percentage of traffic subject to these rules, from 0-100%.  This level of granularity is important in allowing you to control how quickly you move all of your email to a reject status.  In this way you can test to see if any legitimate email is affected without negatively impacting your business.  Once you reach a 100% Reject policy, you will be filtering out all of the phishing using your domain.

How can MxToolbox help?

MxToolbox is your Expert in Email Delivery.  We understand how complex SPF, DKIM and DMARC can be to understand and implement and how costly fraud and phishing can be to your brand.  Our team has created a new product called Fraud Center that includes assistance from our expert support team to help you through this journey.  Fraud Center provides insight into both legitimate and illegitimate email sent on behalf of your domain as well as:

  • Configuration suggestions for your SPF, DKIM and DMARC
  • Consolidated reporting across inbox providers
  • Recommendations for when to change DMARC policies
  • Forensic examinations of rejected email
  • Access to our expert support to help you with Email Delivery