Trustifi’s unique “Domain Spoofing Control” feature allows applying additional protection against spoofing and various methods of impersonation, for domains that are a major part of your inbound traffic.
One of the most common avenues for attack today is for bad actors to try and spoof or impersonate people and domains that you are in frequent contact with such as partners, clients, vendors, etc.
To protect against these attacks, we recommend adding these domains to the “Domain Spoofing Control” list.
When a domain is added to this list, Trustifi will initially create a baseline of regular, legitimate email flow from this domain and generate a unique digital signature for it.
Later on, whenever an email is received from one of these domains, the source signature will be checked to see if it matches the signature on file – if the signature matches the email will be considered safe and verified, otherwise it will be considered an impersonation/spoofing attempt.
Note: Trustifi protects all emails and domains against regular spoofing attacks (even those not in the “Domain Spoofing Control” list), however the DNS spoofing control can protect against even the most sophisticated attacks.
Adding a domain to the “Domain Spoofing Control” list
In the Trustifi admin portal, navigate to “Inbound Management” and then to the “Domain Protection” section.
In this section, open the “Domain Spoofing Control” page. There, simply add the domain(s) you wish to the list by clicking on the “Add domain” button.
Verified sources
Whenever an email is scanned by Trustifi and it matches the trusted domain source, it will display this status – “The email source has been verified“.
This status indicates the email source has been verified and can be trusted.
Unverified sources
If an email is scanned by Trustifi and it does not match the trusted domain source, it will be regarded as malicious and will display this status – “Email source failed in the verification process and is apparently spoofed“.
This indicates the source of the email is unknown and cannot be trusted.
Signing an email source
Since the “Domain Spoofing Control” mechanism is based on signature comparison, there is a possibility that legitimate emails may be flagged as a potential attack, if their origin source is new or unknown to the system. This can happen if a new system is added to the sender’s mail flow, or if a different MTA is being used.
If you received an email that was flagged as an unverified source, but you are confident the source is legitimate, you can simply sign this new source as legitimate to avoid having it quarantined in the future.
To do so, simply view the email threats analysis from the “quarantined emails” page by clicking on “Actions” > “Threat Analysis” and then click on “Sign Source“.
This will confirm to Trustifi this email source is legitimate, and emails from this source will not be quarantined in the future.
Viewing domain sources
You are also able to view and have control over the various source signatures belonging to your protected domains. To do this, simply click on the “Actions” menu for one of these domains and click on “View Sources”.
Here you can see all the sources that are considered verified for this domain. Each source will display information about its origin and identity and a breakdown of the authentication standards.
Sources are displayed according to the type of email – regular emails, calendar invites, Non-Delivery Reports (NDR) and Out of Office messages (OOF). You can click on the relevant tab to view these sources.
For each source, you will also see an indicator of the “Strength” of this signature. A source signature is considered strong if all of the authentication standards, such as SPF and DKIM, exist for the domain and are valid, if the domain’s authentication standards do not exist or have failed, it will be considered weak.
If you find that your own domain has a weak signature we highly recommend contacting our support team to see if there is an issue with your domains authentication standards and help resolve it.
Additionally, you can also remove specific source signatures by using the “Actions” menu for that source.
Analyze Domain
You can gain further insight into the configuration of your secure domains by using the “Analyze Domain” option from the “Actions“ menu.
The domain analysis view will provide insights such as:
- The domain’s SPF or DMARC records
- Any syntax errors in the domain records
- Trustifi will also provide recommendations to improve the domain records
