Email

In this post, you will learn what BIMI is, how it works, and the benefits it brings to your domain, including increased trust and brand visibility. In today’s digital age, making a memorable first impression is crucial. With the increasing volume of emails, standing out in the inbox can be challenging. That’s where BIMI (Brand Indicators for Message Identification) comes in, transforming how brands interact with recipients through email. Why BIMI matters BIMI allows your brand’s logo to appear alongside your emails, providing visual trust cues to recipients. This simple addition can significantly enhance brand recognition and trust, making your communications more engaging and trustworthy. ...

This blog post explains how an MTA-STS policy works and how to implement it on GitHub Pages. MTA-STS (Mail Transfer Agent Strict Transport Security) is a security protocol designed to improve the security of email communication by enforcing the use of TLS (Transport Layer Security) to encrypt email traffic between mail servers. It helps prevent man-in-the-middle attacks and downgrade attacks, where an attacker could intercept or tamper with email messages in transit. ...

In this post, you will learn how to enable and use SMTP DANE with DNSSEC in Exchange Online. While outbound SMTP DANE with DNSSEC in Exchange Online has been enabled since 2022, Microsoft is currently rolling out inbound SMTP DANE with DNSSEC in Exchange Online. In an earlier blog post, I explained how SMTP DANE with DNSSEC works together on a mail and web server. A short recap: Outbound SMTP DANE with DNSSEC sending mail server: Requests DANE TLSA records of the receiving domain’s MX record. Inbound SMTP DANE with DNSSEC receiving mail server: Requires DNSSEC and DANE TLSA records that can be requested by the sending mail server. Inbound SMTP DANE with DNSSEC benefits Authentication of TLS Certificates: SMTP DANE ensures that the TLS certificates used in email exchanges are authenticated. Reduction in Delivery Failures: By using DANE, the sending mail server can verify that the recipient’s server supports and prefers secure TLS connections. Enhance Email Reputation: Demonstrate that you comply with the latest security standards. Integrity and Authenticity of DNS Records: DNSSEC adds a layer of security to the DNS system by digitally signing DNS records. Prerequisites Before you enable inbound SMTP DANE with DNSSEC in Exchange Online for a domain, you must have added the domain as an Accepted domain and the domain status must be Healthy in the Microsoft 365 Admin Center. The current domain’s MX record must have a priority of 0 or 10 and must not have a fallback or secondary MX record. ...

This blog post explains the role and benefits of ARC sealing. ARC (Authenticated Received Chain) is an email authentication protocol that preserves the authentication results of an email as it travels through multiple intermediaries, such as forwarding services. Using ARC helps organizations handle the complexities of email authentication, especially when emails are forwarded. ARC involves multiple servers working together based on mutual trust. ARC ensures that legitimate emails are less likely to be marked as spam or rejected, while fraudulent emails are more easily identified and filtered out. In this blog post, we will explore the basics of ARC, how it works, and the benefits it provides. ...

Unlocking the Power of S/MIME: This article will help you understand S/MIME and how to request, configure, and use S/MIME on your devices. What is S/MIME? In today’s digital landscape, the security of sensitive information transmitted via email is critical. One method of safeguarding email communications is through the use of S/MIME (Secure/Multipurpose Internet Mail Extensions). S/MIME is a widely adopted protocol that provides end-to-end encryption and digital signatures, ensuring the confidentiality, integrity, and authenticity of email messages. ...

In this post, I will share my best practices for getting a handle on your SPF record. Why it makes sense to have a good SPF procedure in place In a previous blog post, I explained the limitations of SPF and how it works with DKIM and DMARC. It’s crucial to have a well-structured SPF procedure to avoid future problems, especially since exceeding the DNS lookup limit of 10 can cause issues, such as: ...

In this post you will learn to understand how the DNS protocols SPF, DKIM and DMARC work together to protect your domain from phishers and spammers. Why deploy SPF, DKIM, and DMARC? SPF, DKIM, and DMARC are critical email authentication protocols that help prevent email spoofing, phishing attacks, and domain impersonation for outbound email. Enabling these protocols together strengthens your domain’s email authentication mechanisms, improves security, and builds trust with your recipients by ensuring that email sent from your domain is legitimate and trustworthy. ...