Do you have your own mail domain? Great, but is it secure?

Mail addresses are so common that the question of who has one is unnecessary.

Most of you will have mails like: name.name@gmail.com or name.name@outlook.com or maybe name.name@icloud.com.

However, it is also possible that you have an address that is a little different from everyone else's. Maybe your parents or another family member manages a domain (a domain is a "website address" like v4zen.com) and so you have a short(er) address like yourname@familyname.com.

Yes, that's much cooler than the others!

BUT (yes, it's sad, but reality is depressing), maybe everyone in the world who has an internet connection can send mails from YOUR address.

Imagine (or better not): Someone sends a message from your address to your friends with links or material that could be a threat to your reputation. I don't think you want that to happen.


But how?

The problem is pretty simple: when you send an email to (for example: me) hi@vlentin.com, my email program shows me the message from your address.

How can my mail program know who is the sender of this mail? Your mail program simply writes your address in the mail to me.

And now you may already see the risk, you could write ANYTHING as sender address.

(For those readers who work in the IT scene or know a lot about computers, networks and protocols: I'm sorry for explaining it this way, and I know that what I said is not 100% correct. But to make sure that all readers understand the principle, I explained it this "wrong" way)

Of course, there are tools that prevent you from writing anything. They are called:

SPF, DKIM and DMARC

I won't explain in detail how these tools work, you can read more about them in this article: digicomp.ch/blog/

This technics work pretty good and safe. The only problem:

You (or the domain admin) must configure these three parts yourself. In most of the cases, e.g. when you set up your domain in Outlook, the mail-service gives you tips how to set up your domain. Also it recommends you (so called) "DNS records" and shows you examples (DKIM/SPF/DMARC are configured with DNS records).

Sadly, they are people who don't do that. Most of time cause it is "too complicated" (ABSOLUTLY WRONG! It is much more complicated to restore your reputation after a abuse of your domain by others).

The big companies like Apple, Google, Yahoo, Microsoft, Facebook and so on secure their domains of course. They know how to stay safe and they have teams for this purpose. That is, if you have a @icloud.com, @gmail.com, etc. Mail address, you are safe from this kind of attacks (unless you choose a weak password for your account).


Now: how can I check if my mail is "insecure"?

If you have @icloud.com etc, just make sure you choose a strong password and enable two-factor authentication.

If you have a "family mail" (I call these mail addresses with individual domains that. Don't get confused), go to your computer's terminal.

Type the following (replace yourdomain.com with the domain of your mail address (the part after the @), but keep _dmarc):

dig TXT _dmarc.yourdomain.com

The terminal should return something like:

v=DMARC1; p=reject;

Otherwise, you should talk to your administrator.


Please, please pay attention to the security of your maildomain, otherwise the dream of a "cool email" will quickly become a nightmare


Byyyyyeee

🙏Valentin