Introduction:
FBO One sends various email messages, including handling confirmations and cancellations, aircraft movement messages, third-party service requests, payment receipts and invoices, to name just a few.
Due to the nature of these emails, it's important that they are delivered to the recipient from your email domain and in a secure manner.
FBO One offers several features to ensure that messages are encrypted and to help prevent these emails from being marked as spam or as suspicious mail.
Email Security Features
DKIM & SES
FBO One sends email messages using DKIM and Amazon Simple Email Service (Amazon SES), which provides the highest level of security and encryption. DKIM makes delivered emails tamper-evident: all messages are signed with a digital signature over a checksum (hash) of the message.
What is DKIM (DomainKeys Identified Mail)?
DKIM is an email authentication method designed to detect email spoofing and phishing. DKIM allows the sender of an email to digitally sign the email, providing a mechanism for the recipient to verify that the email was indeed sent by the claimed sender and that it hasn't been altered during transit.
Here's a brief overview of how DKIM works:
1. Signing: When an email is sent, the sending mail server signs it with a private key. This key is associated with the sending domain.
2. DNS Record: The public key is published in the domain's DNS records. This allows anyone receiving the email to look up the public key.
3. Verification: The receiving mail server, upon receiving the email, uses the public key from the DNS records to verify the digital signature in the email header. If the signature is valid, it means the email has not been tampered with during transit and is likely from the claimed sender.
DKIM helps in ensuring the authenticity of the sender's domain and can be used by email receivers to help identify and filter out emails that might be malicious or forged. It's one of the techniques used to enhance email security and reduce phishing attacks.
What is SES (Simple Email Service)?
FBO One uses Amazon SES, which is a cloud-based email sending service provided by Amazon Web Services (AWS). It offers several security features and benefits to help ensure the integrity and security of your email communications.
Here are some key security benefits of SES:
1. Authentication Mechanisms:
- DKIM (DomainKeys Identified Mail)
- SPF (Sender Policy Framework)
2. Secure Connection:
- SES uses secure communication channels through protocols like TLS (Transport Layer Security) when sending and receiving emails. This helps protect the confidentiality and integrity of the email content during transmission.
3. Identity and Access Management (IAM):
- SES integrates with AWS Identity and Access Management (IAM), allowing you to control who can access and manage your SES resources. IAM enables you to set fine-grained permissions for users and services.
4. Bounce and Complaint Handling:
- SES automatically handles bounce and complaint notifications, providing insights into email delivery issues. This helps you identify and address potential problems and maintain a good sender reputation.
5. Content Filtering:
- SES includes content filtering capabilities to help identify and filter out potentially malicious or unwanted content in emails, contributing to a more secure email environment.
6. Monitoring and Logging:
- SES provides detailed logging and monitoring capabilities, allowing you to track email delivery, analyze performance, and identify any suspicious activities. This helps in maintaining visibility into your email infrastructure.
7. AWS CloudTrail Integration:
- SES integrates with AWS CloudTrail, a service that provides a comprehensive view of AWS API calls. This integration allows you to audit and monitor SES API activity for security and compliance purposes.
It's important to note that while SES provides a secure platform for sending emails, users also play a crucial role in maintaining security by following best practices, managing access credentials securely, and staying informed about security updates and features.
What is SPF (Sender Policy Framework)?
SPF is an email authentication protocol designed to prevent email spoofing. SPF allows the owner of a domain to specify which mail servers are authorized to send emails on behalf of that domain. This helps prevent unauthorized sources from sending emails that appear to be from your company domain, thus reducing the likelihood of phishing and spam.
An SPF record added to your company DNS records verifies FBO One servers as authorized senders of email using your company domain information.
Here's how SPF works:
1. DNS Record: The domain owner publishes a special DNS TXT (SPF) record that lists the authorized mail servers for that domain.
2. Email Sender Verification: When an email is received, the recipient's mail server checks the SPF record of the sender's domain by looking up the DNS records. It compares the IP address of the server sending the email with the list of authorized IP addresses in the SPF record.
3. Verification Result: If the IP address is listed as authorized, the email passes the SPF check. If the IP address is not listed or is unauthorized, the email might be marked as suspicious or rejected.
SPF helps verify the authenticity of the sender's domain by confirming that the email was sent from an authorized mail server. It's one of the measures used to combat email spoofing and improve email deliverability. Combining SPF with other authentication methods like DKIM (DomainKeys Identified Mail) provides a more robust email authentication system.
Related Articles:
For information on how to verify your current security settings and apply these measures, please refer to the article Setting Up FBO One For Sending Email.