Overlooked Email Security: The risks of misconfigured records

Technical guidance

Tuesday, 3 June, 2025

Graph

Email is a critical tool for businesses, however many overlook the security measures that keep it safe.

Key security records and configurations help prevent fraud, but when they are missing or set up incorrectly, cyber criminals exploit them to send impersonated emails, steal sensitive information and launch large scale attacks.

Despite their importance, many businesses fail to configure these protections properly, introducing security risks.

What are email authentication records?

Email authentication records help confirm that an email is coming from a trusted source. The three main records are:

SPF (Sender Policy Framework): Specifies which email servers are allowed to send emails on behalf of a domain.
DKIM (Domain Keys Identified Domain): Uses a digital signature to ensure that an email has not been tampered with.
DMARC (Domain-based Message Authentication, Reporting and Conformance): Tells email servers what to do with emails that fail SPF or DKIM checks, and provides reports of suspicious activity.

When properly set up, these protections prevent email fraud and phishing. However, if they are missing or incorrectly configured, attackers can exploit the weaknesses.

The risks of incorrect email settings

If these security settings are not properly configured, businesses face serious risks, including:

Email Spoofing: Cyber criminals can send fake emails that appear to be from a trusted source, tricking people into sharing sensitive information or clicking on malicious links.
Business Email Compromise (BEC): Attackers can impersonate company executives or vendors to steal money or data, usually by sending fraudulent invoices.
Reputation Damage and Email Issues: If a company’s email is used for spam or scams, it can be blocked or marked as untrustworthy, making it harder for real emails to reach customers.

A real world example: Botnets exploiting email misconfigurations

A recent report by Infoblox revealed that cyber criminals have taken control of approximately 13,000 MikroTik routers worldwide, turning them into a network, or botnet, used to send malicious emails and perform other cyber attacks.

These compromised routers exploited weak email security settings in over 20,000 domains, allowing attackers to send fake emails that appeared legitimate.
The attackers used these routers to hide their true location, making it difficult to trace the malicious activities back to them.

This highlights how even a small security oversight can be used for larger, more damaging attacks.

How to set up email security correctly

So, you ask, what do we do about it? Well, to protect your business from email fraud, follow these steps for all your domains (yes, even those that are not configured to send email!):

Enable Multi-factor authentication

Ensure that access to your DNS configuration has MFA enabled to prevent domain takeovers or unauthorised changes to your DNS records.

Set up SPF properly

List only trusted email servers in the SPF record (e.g., v=spf1 include:mailprovider.com -all)
Use -all to block unauthorized senders instead of ~all, which allows some failures.
Avoid broad SPF settings that might let in unapproved senders. More than 10 lookups in your record may cause issues.

Enable DKIM

Create DKIM keys and store them in your DNS settings.
Ensure that all outgoing emails are signed with your DKIM key.
Update your DKIM keys regularly to improve security.

Use DMARC for added protection

Start with p=none to monitor email activity before enforcing stricter settings.
Gradually change to p=quarantine or p=reject to stop fake emails.
Enable and check DMARC reports regularly for unusual activity.

Regularly check your email security settings

Use free tools like MXToolbox or DMARC Analyzer to verify your records.
Keep logs and review them for suspicious activity.
Schedule regular audits to keep your email security up to date.

Here is an article from Hostinger where they cover How to Change DNS Records in Most Domain Registrars with a lot of detail.

Ignoring email security settings can put businesses at risk. Cyber criminals exploit weak or missing email protections to send fraudulent messages, steal data and money.

By correctly setting up SPF, DKIM and DMARC, and regularly reviewing them, businesses can protect their email systems and reduce security threats.

Taking these steps is a simple but effective way to secure communications and build trust with your customers and partners.

Photo by Stephen Phillips