Your domain needs SEGs and email authentication, both

DMARC is the only email authentication protocol that gives you both enforcement and visibility, says Brad Slavin, General Manager of DuoCircle. SPF and DKIM authenticate silently - DMARC tells you what happened and lets you control the outcome. That combination of reporting and policy is why DMARC adoption is accelerating.

The three core email authentication standards - SPF (RFC 7208), DKIM (RFC 6376), and DMARC (RFC 7489) - work together to verify that an email genuinely originates from the domain it claims to represent. Since February 2024, Google and Yahoo require all three for bulk senders. DMARC Report

Your domain needs SEGs and email authentication, both

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-14691">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/07/Your-domain-needs-SEGs-and-email-authentication-b.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M32S">2:32</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-14691" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-14691" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-14691" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-14691" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/your-domain-needs-segs-and-email-authentication-both/&t=Your domain needs SEGs and email authentication, both" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/your-domain-needs-segs-and-email-authentication-both/&url=Your domain needs SEGs and email authentication, both" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/07/Your-domain-needs-SEGs-and-email-authentication-b.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/your-domain-needs-segs-and-email-authentication-both/" class="input-link input-link-14691" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-14691" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-14691” readonly/>

					<button class="copy-embed copy-embed-14691" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Breaches caused by phishing take a lot of time to be discovered, and mitigating their effect becomes all the more difficult. As many as 3.4 billion phishing emails are shot at targets daily, which is about **1.2% of all emails sent in a day. This roughly means that for every 4200 emails sent, one is a potentially phishing email attempting to manipulate targeted recipients into sharing sensitive information, downloading malware, transferring funds, etc.

If you own a domain, **it’s part of your job to ensure your email-sending domain is protected. If you already have Secure Email Gateways or SEGs in place, that’s great. But do you also have email authentication protocols, mainly SPF, DKIM, and DMARC, in place?

Well, you need both. Are you curious to know why? Read along.

What are Secure Email Gateways or SEGs?

SEGs are email security tools that protect emails using **signature analysis and machine learning, aiming to detect and avert potentially harmful emails before they reach recipients’ inboxes. They prevent instances of phishing, spoofing, and ransomware attacks, protecting the brand’s reputation and the privacy of employees, clients, prospects, stakeholders, etc.

Originally, SEGs were designed to combat spam emails, but over time, **experts integrated them with machine learning and threat intelligence to spot and mitigate more advanced email-based cyberattacks and other novel threats.

SEGs operate using either of the two methods mentioned below.

DNS MX record

An MX record is a DNS entry that specifies the IP address of a corporate email server. SEGs can route all incoming email traffic through themselves by updating an organization’s MX record to point to the SEG. This allows the SEG to inspect and filter emails before forwarding them to the organization’s email server.

API integration

Modern email platforms like Google Workspace or Microsoft 365 offer APIs for third-party integrations. These APIs let external applications read and edit emails, enabling SEGs to monitor email content directly within the email platform.

SEGs using APIs can monitor and protect **outbound emails and retroactively remove malicious emails from inboxes.

What is email authentication?

Email authentication simply means enabling the recipient’s server to check if the email it received from your domain is sent by a genuine person or not. This is done using email authentication protocols that are deployed at the sender’s end. So, as the owner of the sending domain, you can specify which IP addresses** (of employees, third-party vendors, CXOs, etc.) you trust to be used for sending emails on behalf of your brand. If an email is sent by any other IP address, then the **recipient’s server perceives it as illegitimate. In this case, you, as a domain owner, have the power to instruct the recipient’s server on what to do with illegitimate emails sent from your domain. You can instruct the recipient’s server to take no action, mark them as spam, or reject their entry altogether.

In short, you do not let an email sent by an unauthorized sender sit in the recipient’s inbox**. This minimizes their chances of coming across a potentially fraudulent email, opening it, and getting duped.

The three email authentication protocols are- SPF, DKIM, and DMARC. There are two other less-used protocols too- ARC and BIMI.

SEGs and email authentication- a robust combo against email-based threats!

The idea of cybersecurity is to deploy a combination of approaches that works as the best fortifier. SEGs and email authentication are complementary; while some SEGs enforce DMARC authentication policies as part of their filtering mechanisms, they do not configure or maintain email authentication for domains, nor do they monitor or process DMARC reports. When used, these reports act as an additional anchor for SEGs to use for updating their database and blocking attacks they might oversee otherwise.

Moreover, email authentication provides unique value beyond what SEGs offer. It protects against BEC, brand hijacking (where attackers use your brand to deceive consumers), and targeted spear-phishing aimed at impersonating executives. Additionally, email authentication safeguards emails sent by **cloud services using your domain.

We at DMARCReport are reporting ninjas!

We can **analyze reports on your behalf and suggest necessary adjustments that your DMARC record requires to stay relevant in preventing attacks. Please feel free to contact us.

Sources

• RFC 7208 - Sender Policy Framework (SPF)
• RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)