
Email Security (Eyes Front)

Introduction 
Eyes Front is a per-institution initiative that lets each school district monitor its internet-facing network resources and be alerted when there is an exploitable network vulnerability. The project is designed so that every school district can begin monitoring its external-facing networks with an affordable solution; most services require only the district's time to implement and monitor.
 
Scope

The scope of the plan is to provide a reasonable-cost solution that allows each LEA to begin monitoring its internet-facing services and websites, be alerted when there is a network vulnerability, block malicious emails, and protect its DNS services.

Areas that are addressed in the project are:

  • Securing District email systems
  • 24x7x365 Security Operations Center (SOC)
  • IP and Domain Monitoring
  • Internet Facing Network Vulnerability monitoring
  • Malicious-Domain blocking and reporting
  • Protecting DNS services from Cache Poisoning and spoofing
  • Adoption of a cybersecurity framework and cybersecurity policies

Securing District email systems

LEA spam protection is critical in preventing malicious actors from compromising the district. Three known services, once implemented, will reduce the risk of malicious email being received, keep malicious actors from using the LEA's domain name to spoof email, and delete emails not generated by the LEA. These three known services are SPF, DKIM, and DMARC.

SPF, DKIM and DMARC are ways to authenticate your mail server and mail services to prove to ISPs and mail services that senders are truly authorized to send email. When properly set up, all three prove that the sender is legitimate, that their email address has not been.

NOTE:  You will need access to change DNS records for your domain to implement SPF, DKIM, and DMARC.

NOTE:  LEAs may want to require all vendors they work with to have SPF, DKIM, and DMARC records. It would be best practice to add this requirement to RFPs.

 

Sender Policy Framework (SPF)

SPF is a DNS TXT record that specifies which IP addresses and/or servers are allowed to send email “from” that particular domain. It’s essentially like the return address that’s placed on a letter or postcard that lets the recipient know who sent the communication. The idea is that if they know who sent them the letter, the recipient is more likely to open it.

DomainKeys Identified Mail (DKIM)

DKIM is also known as “email signing”. DKIM is a DNS TXT record that’s added to a domain’s DNS. If SPF is likened to a return address on a letter, DKIM is likened to sending that letter via Certified Mail as it further builds trust between the sending server and receiving server. DKIM’s intent is to prove that the contents of an email message haven’t been tampered with, that the headers of the message have not changed (e.g., adding in a new “from” address) and that the sender of the email actually owns the domain that has the DKIM record attached to it or is authorized by the owner of the domain to send emails on their behalf.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC is an email authentication, policy and reporting protocol that’s built around both SPF and DKIM. DMARC is a DNS TXT record that’s added to a domain’s DNS. DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam and phishing messages, and keep them out of people’s inboxes. DMARC is a standard that allows email senders and receivers to cooperate in sharing information about the email they send to each other. This information helps senders improve the mail authentication infrastructure so that all their mail can be authenticated. It also gives the legitimate owner of an Internet domain a way to request that illegitimate messages – spoofed spam, phishing – be put directly in the spam folder or rejected outright.

It has three basic purposes:

  • It verifies that a sender’s email messages are protected by both SPF and DKIM,
  • it tells the receiving mail server what to do if neither of those authentication methods passes, and
  • it provides a way for the receiving server to report back to the sender about messages that pass and/or fail the DMARC evaluation.
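
An audit of the three DNS TXT records described above, as an added example that is not part of the original page: it flags SPF, DKIM and DMARC settings that leave a domain open to spoofing and shows a weak record set beside a hardened one. The domain district.example, the selector selector1, the sample records and all function names are assumptions made for the illustration.

```python
# Added example. Every record is constructed for the placeholder domain
# district.example; "selector1" is an assumed DKIM selector name.
D = "district.example"
def zone(spf, dkim, dmarc):  # the three TXT lookups an auditor makes
    return {D: [spf], "selector1._domainkey." + D: [dkim], "_dmarc." + D: [dmarc]}

WEAK = zone("v=spf1 ip4:192.0.2.10 ?all", "v=DKIM1; k=rsa; p=", "v=DMARC1; p=none")
HARDENED = zone("v=spf1 ip4:192.0.2.10 -all", "v=DKIM1; k=rsa; p=CONSTRUCTEDKEY",
                "v=DMARC1; p=reject; rua=mailto:dmarc@" + D)

def parse_tags(record):
    """Split a DKIM/DMARC 'tag=value; tag=value' record into a dict."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txts):
    spf = [t for t in txts if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # none means no policy; several is a permanent error
        return ["SPF: expected one v=spf1 record, found %d" % len(spf)]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if any(t.startswith("redirect=") for t in terms):
        return []  # the redirect target defines the policy
    final = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
    if final in (None, "?all"):
        return ["SPF: no fail policy for senders that are not listed"]
    return ["SPF: +all lets any host send as this domain"] if final in ("all", "+all") else []

def audit_dkim(txts):
    keys = [k["p"] for k in map(parse_tags, txts) if "p" in k]
    if not keys:
        return ["DKIM: no public key published at this selector"]
    return ["DKIM: empty p= marks the key as revoked"] if "" in keys else []

def audit_dmarc(txts):
    recs = [parse_tags(t) for t in txts if t.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(recs) != 1:
        return ["DMARC: expected one v=DMARC1 record, found %d" % len(recs)]
    policy, out = recs[0].get("p", "").lower(), []
    if policy not in ("quarantine", "reject"):
        out.append("DMARC: p=%s leaves spoofed mail deliverable" % (policy or "missing"))
    if "rua" not in recs[0]:
        out.append("DMARC: no rua= address to receive aggregate reports")
    return out

def audit(domain, selector, records):  # records: DNS name -> TXT strings
    get = lambda name: records.get(name, [])
    return (audit_spf(get(domain)) + audit_dkim(get(selector + "._domainkey." + domain))
            + audit_dmarc(get("_dmarc." + domain)))
```

Calling `audit(D, "selector1", WEAK)` returns four findings and the hardened set returns none; to audit a live domain, pass a mapping filled from real TXT lookups instead of the constructed dictionaries.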
 

While SPF and DKIM are gaining wider adoption, DMARC is still something that is taking a while to catch on. That said, prudent email administrators WILL get all three set up for the domains they manage as more and more ISPs and email providers are beginning strict enforcement of all three. As the saying goes, “an ounce of prevention is worth a pound of cure.” For email, this has never been truer. Having all three records in place shows that your email domains are truly who they say they are. It also shows that you as an administrator, and your domain administrators as well, are all serious about ensuring you’re following best practices and doing your part to prevent spam, phishing and other email security issues.