Here at Giraffe, we scan an awful lot of emails every day, so we tend to find out when there’s a major new spam attack pretty quickly. We’ve seen quite a few recently that at first glance appear to come from legitimate companies.
They’re from genuine company email addresses with genuine signatures, valid names and telephone numbers and well-written emails mentioning invoices.
Imagine if your organisation’s details were on such emails. Could you handle a million or more calls from angry people asking why they have a virus encrypting their entire organisation’s data and demanding thousands of pounds or dollars back?
A quick Google search for “Sue Mockridge” or “Broad Oak Toiletries” will bring up lots of results referring to spam emails and fake invoices. And that’s not ideal if someone is researching your company before dealing with you!
That’s one reason why it’s so important to have a secure and solid email system in place. Another is to avoid the risk of falling victim to an incoming scam.
Having a dedicated email filtering system alongside this is also vital, to reduce the volume of spam emails your company receives.
Anyone with basic computer knowledge can easily send emails from a fake email address to anywhere around the world.
There’s almost always a link to a website to download the invoice or a Word document or a PDF attached claiming to be the invoice. What then happens after clicking on or opening the file is completely at the creator’s whim – but don’t be surprised if your PC and network files become encrypted and inaccessible.
If you don’t have security to counteract these spam attacks, you could find your entire workforce’s inbox’s full of unwanted emails, dramatically hindering your company’s productivity and potentially bringing your email system to a standstill. This, in turn, will prevent any incoming emails from being received and any outgoing emails from being sent while the systems are under such heavy use – potentially leading to lost sales.
One feature that can be easily implemented is called SPF (Sender Policy Framework).
‘What does this do?’ I hear you ask.
This security feature publishes a list of IP addresses that are authorised to send email from your domain.
If a spammer tries to send email pretending to be from you or your organisation, the chances of the email being delivered are drastically reduced, as only your employees will be able to send from authorised IP addresses.
This framework is not fool-proof, as not all email providers check for SPF, but if someone receives a spam email claiming to be from you and they didn’t check for SPF, in our opinion they are at fault for accepting the message from an unauthorised address!
Here’s an example of how SPF works…
The SPF record for an email from mydomain.co.uk returns 18.104.22.168 as the authorised IP address.
If Sally sends an email from her office email account (firstname.lastname@example.org), the email connection will come from address 22.214.171.124, which is the address of her office email server.
When the recipient accepts the message, they’ll see the connection from 126.96.36.199 and can then check for a SPF record and compare the returned SPF authorised address with the actual address connection.
If the IP address is authorised, the mail can be delivered. If it isn’t, the mail admin can decide what to do with it – usually dropping it into a spam folder or bouncing the message.
This protects your company’s reputation, which can easily be affected by spammers who send emails as your domain, leading to it being blacklisted.
Once on a blacklist you might find it very difficult to send emails to anyone, as email servers could reject them due to your domain’s poor reputation.
When we see these spam runs we generally try to contact the victim. We class the domain owner as the victim in these situations.
They didn’t send any of the emails, but have to deal with the backlash from countless people who’ve received spam or viruses from this domain containing valid signatures and telephone numbers!
Think of all of the bounce-back emails from email addresses that were spammed incorrectly, and all the angry or genuinely puzzled people replying to the forged spam. Could your mail servers handle this backlash? We can protect you with advice and help on SPF, minimising the number of emails forged from you and also provide filtering and a clean mail feed in the cloud that can handle dramatic spikes in traffic.
How easy is Sender Policy Framework to set up for my business?
This is something that can be set up very easily by Giraffe Connected Solutions, as we always provide this service for our clients. However, if you’re not familiar with DNS (Domain Name System), we wouldn’t recommend trying to set up yourself. If it is setup incorrectly, it could stop valuable emails being received.
If SPF is something you would like to be set up within your email system, contact us today and our expert team of engineers and administrator will be happy to assist you.