Enhancements Community Banks Can Make To Improve Email Deliverability and Defend Against Phishing

May 13, 2021

By Lawk Salih  

Email scams are ubiquitous these days. The FBI reported there were more than $1.8 billion in losses from Business Email Compromise last year and more than 240,000 reported phishing-related scams. According to Verizon, 22 percent of the 3,950 breaches reported in 2020 involved phishing scams that convinced victims to install malware using an email link or attachment.    

To better protect their institutions and customers, community banks can make incremental technological changes. The following enhancements to email settings will increase email deliverability and improve security against phishing scams.  

Enable Sender Policy Framework (SPF) Record  

What is an SPF record?  

An SPF record is a technique used to decide whether an email service can send emails on behalf of an organization’s domain address. SPF records will stop phishing attacks while boosting an institution’s domain reputation within the mail service providers.  

First, users must publish a record using their Domain Name Server (DNS) by adding a TXT record. This can be implemented by institutions that host or manage their mail service provider. Institutions that outsource their email service will need to work with providers to add the SPF information.   

How to check for SPF records?  

Mimecast’s SPF Record Checker allows users to check whether they have a valid SPF record for their domain and email senders. Users may type their domain address into the search box, review the results, and seek out any problems with SPF records requiring attention. All SPF records in good standing will display a message of: “We did not find problems with your SPF record.”   

Enable DomainKeys Identified Mail (DKIM) Record 

What is a DKIM record? 

Identifying legitimate emails is difficult, but DKIM is designed to digitally sign messages to ensure email messages are not altered while in transit. By linking the email back to the authorized domain address, this technique will allow the receiver to ensure the email is authorized by the owner of the domain address.  

How to check for DKIM records?  

There are many tools available to check and validate the DKIM records within a DNS, including Mimecast’s DKIM Checker. Users will need the DKIM selector and the domain name for the checker to run. 

Enable Domain-based Message Authentication, Reporting and Conformance (DMARC) Record 

What is a DMARC record?  

DMARC is a protocol that uses SPF and DKIM to determine whether an email message is authentic. It is widely used by internet service providers to prevent scams, such as unauthorized impersonations to phish employees. DMARC works well with SPF and DKIM to determine which email services are authorized using an institution’s existing DNS.  

How to check for DMARC records?  

Like SPF and DKIM, users can also run diagnostics against their DMARC policies to determine the authenticity of the DMARC records using the MxToolbox DMARC Check Tool

Additional Resources for Community Bankers  

These resources can help configure SPF, DKIM, and DMARC records:  

While email scams only continue to increase, these technological enhancements go a long way in improving email deliverability and security for community banks. 

Lawk Salih is ICBA vice president of infrastructure and digital solutions.