An Original Thought
May I suggest that you have your own domain?
The common wisdom, or is that common whizdumb, is to own your own name as a domain name. I own “reinke.cc”. (I like saying “sea sea me at reinke.cc”! me@reinke.cc will actually work!)
It gives one quite a bit of control. And, it’s very cheap. I know three solutions: wordpressdotcom with gmail, email only with 1and1, and domain+email+webspace also at 1and1.
My point is not that you should use 1and1. http://www.1and1.com/?k_id=9113251 I could care less which one you use. It’s that getting on to your own domain with email is cheap and easy.
And, it’s not aol, hotmail, yahoo, or gmail. It IS your own “personal brand”. And, the “bad guys” can’t fool you!
If you have your own domain, you can “bulletproof” your email from phishing and frauds!
Let’s assume that you have “your own domain” named “yourowndomain.com”, and you bank at “your bank” at “yourbank.com”.
You give “yourbank.com” your email address as “yourbankcom@yourowndomain.com”. (Be prepared for some strange looks when you do this because the folk never heard of such an email address.)
Then you can set up an email filter — let’s use Gmail as an example — that says:
- Comes from “yourbank.com” and
- Is addressed to “yourbankcom@yourowndomain.com” and
- You specify a label of “yourbank”
So all your email comes into GMAIL and gets assigned a label “INBOX”.
- Anything that comes in that purports to be from “yourbank” MUST have the GMAIL assigned label of both “INBOX” and “yourbank”.
- You can also set up an email filter for mail addressed to “yourbankcom@yourowndomain.com” and NOT from “yourbank.com”, and label it “PHISHING ATTACK”.
- You can also set up an email filter for mail NOT addressed to “yourbankcom@yourowndomain.com” and from “yourbankcom@yourowndomain.com”, and label it “BANK GAVE OUT YOUR EMAIL ADDRESS”.
Pretty tricky and quickly eliminates PHISHING ATTACKS and identifies when the “BANK GAVE OUT YOUR EMAIL ADDRESS”.
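The labeling logic above, sketched in Python as an added example (not part of the original post, and not Gmail's own filter engine). It covers the “yourbank” and “PHISHING ATTACK” filters and the "must carry both labels" check; the label “BANK NAME WITHOUT ALIAS”, the function names, the extra Cc/Delivered-To lookup and the sample messages are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import getaddresses

ALIAS = "yourbankcom@yourowndomain.com"  # address given only to the bank
BANK_DOMAIN = "yourbank.com"

def addresses(msg, *headers):
    """Lower-cased addresses from the named headers, display names dropped."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return [addr.lower() for _, addr in getaddresses(values) if addr]

def is_bank_address(addr):
    domain = addr.rpartition("@")[2]
    # Exact domain or a real subdomain; "yourbank.com.mailer.example" fails.
    return domain == BANK_DOMAIN or domain.endswith("." + BANK_DOMAIN)

def classify(raw):
    msg = message_from_string(raw)
    senders = addresses(msg, "From")
    to_alias = ALIAS in addresses(msg, "To", "Cc", "Delivered-To")
    from_bank = len(senders) == 1 and is_bank_address(senders[0])
    # "Purports to be from the bank": the name appears anywhere in From,
    # including the display name, which the sender chooses freely.
    claims_bank = "yourbank" in msg.get("From", "").lower()
    if to_alias and from_bank:
        return "yourbank"
    if to_alias:
        return "PHISHING ATTACK"
    if claims_bank:
        return "BANK NAME WITHOUT ALIAS"  # hypothetical label, not in the text
    return "INBOX"

# Constructed sample messages; only the headers matter here.
SAMPLES = {
    "genuine": "From: Your Bank <alerts@yourbank.com>\n"
               "To: yourbankcom@yourowndomain.com\n\nStatement ready.",
    "lookalike": "From: Your Bank <alerts@yourbank.com.mailer.example>\n"
                 "To: yourbankcom@yourowndomain.com\n\nVerify now.",
    "display_name": 'From: "yourbank.com Security" <notice@mailer.example>\n'
                    "To: me@yourowndomain.com\n\nAccount locked.",
    "ordinary": "From: friend@example.org\nTo: me@yourowndomain.com\n\nHi.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {classify(raw)}")
```

The From header is written by the sender, so the “yourbank” label shows only that the sender knew the alias and used the bank's domain; the SPF, DKIM and DMARC checks quoted further down are what tie yourbank.com to the sending server.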
Applause please?
Why the email providers can’t protect you by using the appropriate internet protocols is beyond me!
*** begin quote ***
Email authentication methods and protocols
- SPF (Sender Policy Framework)
A sender policy framework (SPF) is a record published in your DNS that lists all the IP addresses that are allowed to send emails on behalf of your domain. When an incoming email is received, the recipient server will check the SPF record to verify if the sending IP address is authorized to send emails for that particular domain. If it’s not listed in the SPF record, there’s a higher chance that the email will be marked as spam or blocked altogether. While SPFs can help to prevent spam and phishing attempts, they also may reject legitimate emails in situations where the sender’s domain SPF records aren’t properly configured.
- DKIM (DomainKeys Identified Mail)
DKIM stands as a pivotal technology in the battle against email spoofing by attaching a digital signature to each outgoing email, linked directly to the sender’s domain name. This signature enables the recipient’s email server to verify whether an email purportedly sent from a specific domain is authorized by that domain’s owner. Given that emails often undergo multiple hops—redistributed by mailing lists or forwarding rules—DKIM ensures that signed messages can be reliably relayed by any server, maintaining their integrity and authenticity throughout their journey.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance)
The DMARC protocol was built on top of SPF and DKIM, and relies on senders and receivers sharing information to ensure a smooth validation process. DMARC refers to SPF and DKIM records to validate a sender’s identity, along with testing whether the domain they use is found in the “from” address. If an email does not pass the validation test, DMARC provides rules on how to treat the message based on certain conditions. This protocol can help domain owners block phishing attacks by filtering such messages into spam, or rejecting them altogether.
- BIMI (Brand Indicators for Message Identification)
If you’ve ever seen an email from a brand that included their logo right in the sender column, that brand was using BIMI. Improving email security with BIMI involves using an authentication system that enables trusted senders to display an icon of their choice directly in senders’ inboxes. BIMI can boost recipients’ trust in your messages, while heightening visibility of your brand.
- MTA-STS (Mail Transfer Agent Strict Transport Security)
MTA-STS is a security standard that enables you to send and receive messages securely over an encrypted SMTP connection. The MTA-STS protocol enhances email security by enabling an SMTP client to confirm the server’s identity during the TLS handshake. It does this by requiring the server to present its certificate fingerprint, which the client then matches with a trust store of certificates from verified servers. This process ensures the client does not connect to fraudulent servers, maintaining secure communication.
- TLS reporting
TLS reporting is a mechanism that enables email senders to report issues with TLS connectivity. It is more effective when used alongside MTA-STS. The strict enforcement mode of MTA-STS will prevent email delivery if TLS issues are detected, ensuring a higher level of security and reliability in email communications.
- ARC (Authenticated Received Chain)
ARC acts as a “chain of custody” for email messages. It enables every entity involved in processing the message to clearly see which entities have previously interacted with it. At every stage of handling, it provides a detailed authentication assessment. The primary advantage of ARC, now adopted by the majority of mail servers, is its solution to a significant issue: previously, when a DMARC-protected email was forwarded, it would fail DKIM authentication and, consequently, DMARC. ARC preserves all original authentication information, allowing the final recipient’s mail server to verify that the email was DKIM authenticated before being forwarded.
*** end quote ***
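How the DMARC test described in the quote plays out on a received message, as an added example (not from the quoted source): it reads the Authentication-Results header a receiving server stamps on the mail and checks whether a passing SPF or DKIM result belongs to the same domain as the From address. The header values are constructed, and the two-label `org_domain` shortcut is an assumption standing in for the Public Suffix List lookup real receivers use.

```python
import re

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real receivers
    # consult the Public Suffix List (needed for names such as "co.uk").
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(header):
    """Return {method: (result, domain)} for the spf, dkim and dmarc clauses."""
    out = {}
    for clause in header.split(";")[1:]:  # element 0 is the reporting server's id
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
        if not m:
            continue
        d = re.search(
            r"(?:smtp\.mailfrom|header\.d|header\.from)=(?:[^\s@]*@)?([\w.-]+)",
            clause)
        out[m.group(1)] = (m.group(2), d.group(1).lower() if d else "")
    return out

def dmarc_aligned_pass(from_domain, results):
    """True if SPF or DKIM passed for a domain aligned (relaxed) with From."""
    want = org_domain(from_domain)
    checks = (results.get(k, ("none", "")) for k in ("spf", "dkim"))
    return any(res == "pass" and org_domain(dom) == want for res, dom in checks)

# Constructed headers. In the second one SPF and DKIM both pass, but for the
# sender's own domain rather than the yourbank.com shown in From.
ALIGNED = ("mx.yourowndomain.com; spf=pass smtp.mailfrom=bounce@mail.yourbank.com;"
           " dkim=pass header.d=yourbank.com; dmarc=pass header.from=yourbank.com")
UNALIGNED = ("mx.yourowndomain.com; spf=pass smtp.mailfrom=mailer.example;"
             " dkim=pass header.d=mailer.example; dmarc=fail header.from=yourbank.com")

if __name__ == "__main__":
    for name, hdr in (("aligned", ALIGNED), ("unaligned", UNALIGNED)):
        print(name, dmarc_aligned_pass("yourbank.com", parse_auth_results(hdr)))
```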
— 30 —








