Protecting Your Reputation by Protecting Your Email
Your online reputation is one of your most precious possessions. Because of this, you need to do everything in your power to protect it. The problem is that the more powerful your reputation becomes online, the more that people with bad intentions want to take control of it and use it for their own purposes. Nowhere is this easier online than with email.
Email started as a trust system. I trust the email server I use to send my email. It trusts any number of servers to help deliver the email along the way. The recipient of my email trusts their email server.
In the beginning, email didn’t necessarily go from you to your server, to your recipient’s server, to your recipient. The internet was still fragile, so email was designed to hand mail to any server and trust that that server would either deliver it, hold it until it could deliver it, or hand it off to another server for delivery. Trust, however, has a price, and once bad people figured out that email was based on trust, they started making us pay that price.
Because bad people figured out they could send emails that look like they are coming from anyone on the Internet, people much smarter than me knew they had to do something to secure our email system. If someone could send you an email that said it was from your mom, and that email contained a link to show you cute puppies, you trusted that it was from your mom, so you clicked the link. Thus phishing was born.
These days, email is a lot more secure. The smart good people have figured out ways to build technologies like Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). These systems help protect emails by controlling who can send email for a given domain. If you have SPF and DKIM set up, most email servers will recognize them and use them to make sure that the email they just received that SAID it was from you actually IS from you.
The biggest problem with SPF and DKIM is that they are not easy to set up. To configure them, you need to understand DNS and how to create specific types of records. This has hampered the widespread adoption of these concepts in the past.
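As an added illustration (not part of the original article), the Python below checks the DNS TXT records that SPF and DKIM rely on for common setup mistakes. The domain names, the sample records and the function names lint_spf and lint_dkim are constructed for this example, and the DKIM key is placeholder bytes, not a real key.

```python
import base64
import binascii

# SPF terms that each cost the receiver a DNS lookup (the limit is 10 per check).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt_records):
    """Return problems in the SPF policy found among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "more than one SPF record"]
    problems, lookups, has_default = [], 0, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' (pass) is implied
        name = term.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0].lower()
        lookups += name in LOOKUP_TERMS
        has_default = has_default or name in ("all", "redirect")
        if name == "all" and qualifier == "+":
            problems.append("'+all' lets any server pass SPF")
    if not has_default:
        problems.append("no 'all' or 'redirect': unlisted senders get a neutral result")
    if lookups > 10:
        problems.append(f"{lookups} DNS lookups, over the limit of 10")
    return problems

def lint_dkim(txt_record):
    """Return problems in a DKIM key record (TXT at <selector>._domainkey.<domain>)."""
    parts = (p.partition("=") for p in txt_record.split(";"))
    tags = {k.strip(): v.strip() for k, _, v in parts if k.strip()}
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["unsupported version tag"]
    if "p" not in tags:
        return ["missing p= (public key) tag"]
    if tags["p"] == "":
        return ["empty p=: this key is revoked"]
    try:
        key = base64.b64decode("".join(tags["p"].split()), validate=True)
    except binascii.Error:
        return ["p= is not valid base64"]
    # A 2048-bit RSA modulus alone is 256 bytes, so a shorter encoded key is weaker.
    if tags.get("k", "rsa") == "rsa" and len(key) < 256:
        return ["RSA key shorter than 2048 bits"]
    return []

# Constructed samples: a sound SPF policy and a DKIM key sized like 1024-bit RSA.
SAMPLE_SPF = ["site-verification=constructed", "v=spf1 mx include:_spf.example.net -all"]
SAMPLE_DKIM = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(162)).decode()
print("SPF :", lint_spf(SAMPLE_SPF) or "ok")
print("DKIM:", lint_dkim(SAMPLE_DKIM) or "ok")
```
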