Exchange Online, part of Office 365, is one of the most popular email services in the world. It’s used by everything from huge enterprises to small one-man businesses. It’s not unexpected that it is one of the most popular targets for spam and phishing attacks. In this article, I will explain how you can improve your organization’s email reputation on the Internet with Exchange Online and some PowerShell.
A lightweight alternative to daunting SPF, DKIM, and DMARC management tasks for Windows Admins.
Simply specify your domains, the receiving servers, and the features you want to enable. Based on your changes, DNS record changes are generated and sent to your registrar for immediate implementation. This module is ideal for Sysadmins who are responsible for managing their organization’s email reputation but have none or few resources.
It can retrieve DNS records for all SMTP domains in an organization by querying either the DNS records or the mail exchanger (MX) record of the primary domain. It can check SPF, DKIM and DMARC records by sending emails to the respective contacts and documenting if a record fails validation. If all records pass, it can send a message describing the results. Finally, it can create a textual report from the test results for each domain.
Most organizations already use the Sender Policy Framework (SPF), which basically is a list of valid mail servers and services that can send email using the mail domain in question. SPF has shortcomings and is not adequate protection. This is where DKIM and DMARC comes into the picture.
DomainKeys Identified Mail is a system where an email sender can publish a public key and use it to sign an email and arrive at a recipient's e-mail server using the recipients domain to prove that the mail is legitimate and send from valid SMTP servers. With DKIM, Email cannot be forged by spammers/hackers/robots to look like it came from your server because they do not have access to or knowledge of your private keys. It is primarily used by ISPs, Corporate mail servers to validate the source of incoming mail prior to passing them on to their users.
DomainKeys Identified Mail (DKIM) is a means of providing authentication and validating a public key that corresponds to a given email address. DKIM uses a private key to apply a digital signature on outgoing mail, and it uses a DNS TXT record to publish the public key. The receiving server can then use the public key to determine whether the emails are coming from the correct server or not. The public key is saved in Office 365 and the recipient finds them through DNS (CNAME and TXT records).
Works much like SPF where there is a DNS record that contains all allowed email servers for a specific SMTP domain, but there is an important difference. With Domain Message Authentication Reporting & Conformance (DMARC), the sender and receiver will co-operate and share information about how their different email systems work and how they see each other’s incoming emails.
A poor reputation can reduce open rates and lead to emails failing to reach the inbox in the event of a delivery failure. DMARC allows email receivers to setup policies based on the information received from senders, which may include rejecting emails, quarantining emails or reporting back to the sender.
In this way, it gives you the opportunity to mitigate the damage caused by a phishing attack or spoofing attempt. The Domain Message Authentication Reporting & Conformance (DMARC) protocol allows domain owners to express their policy for how to handle email message authentication failures. It is a means of combating fraudulent e-mail and e-mail spam. DMARC also allows the domain owner to obtain information about potential message forgeries and helps protect their brand and reputation.
You will probably want to enable these protection technologies for all your SMTP domains that can be used for sending emails from your organization. Remember to include domains that you mainly use, or can use, with SMTP relaying and such. This PowerShell command will fetch all your SMTP domains actually used in mailboxes in Exchange Online.