How to prevent email spoofing and spam messages from your email domain

Recently, MNA has received a number of spam email messages that look like legitimate emails from our members. This issue can be frustrating and dangerous for both the sender and receiver. Luckily, there is a way to prevent spammers from sending emails pretending to be you. Email authentication & validation is a useful tool that only needs to be set up once, and can ensure that your domain and email address are protected from these attacks.

A spammer sends out an email message that looks like it’s from you or your email address. Often, that email will include a link or an attachment that, if clicked, causes a problem for the recipient. That may mean a virus, a phishing attempt to collect sensitive information, or other bad intentions.

This is easy for hackers to do if you don’t have your domain correctly protected – all they need to do is put your email address in the “from” section of the email header.

In a spoofing spam, the email looks like it comes from your real email. Recipients who receive the message may mark it as spam – ultimately telling email providers that your domain (such as @mtnonprofit.org) is a bad actor, which makes it harder for your real emails to get delivered.

If your organization uses email to solicit donations, communicate with clients, or other important work, your domain reputation is critical for ensuring that your emails reach the people’s inboxes. To protect your reputation, you need to make sure emails from your domain are not flagged as spam.

If you get an email from someone you know with a link or attachment you didn’t expect – DON’T CLICK IT or DOWNLOAD IT, and don’t flag it as spam. The spammer is relying on your curiosity. These emails are often short and intentionally vague. Often, the spammer will go as far as to copy someone’s real email signature to make it look legitimate.

Here’s an example email we received recently (with name removed to protect privacy):
Subject: Approved Statement from [org name redacted]_03_12_25
Good morning,
Please find the attached statement for your review.
Let me know if you have any questions.
[sender name redacted]
As you might have guessed, the attachment most likely contained a computer virus. But this sender is an MNA member, and we want to make sure that we still get their emails when they have legitimate questions for us!

In order to prevent this from happening, you need to set up something called email validation for your domain. This tells email providers what to look for to check if an email is really from you, and helps them block emails that are not from you, while delivering your legitimate emails.

Contact your web administrator – whoever helps you set up or maintain your website – and ask them to help you set up SPF, DKIM, and DMARC email authentication.

SPF, DKIM, and DMARC are email authentication protocols that work together to prevent spoofing and phishing. SPF (Sender Policy Framework) specifies which mail servers are authorized to send email for a domain. DKIM (DomainKeys Identified Mail) adds a digital signature to emails to ensure they haven’t been altered in transit. DMARC (Domain-based Message Authentication, Reporting, and Conformance) uses SPF and DKIM to tell receiving servers how to handle emails that fail authentication checks.

These can be complicated to set up, and require access to your domain registrar. Doing it incorrectly can jeopardize your website and your email accounts. That’s why it’s important to ask a web professional to help you do it.

Pricing for this service depends on how complicated your domain setup is and the amount of time it takes to get access to your accounts. It often ranges from about $200-$1000, with most likely coming in close to $500. Reach out to these experts to chat through your situation and get a quote.

Mike Marlow at Information Systems of Montana

sales@infosysmt.com | 406 – 443-8386 | https://www.infosysmt.com/

Eric Franzon at Smart Data Websites
eric@smartdatawebsites.com | 323 – 856-1474 | https://smartdatawebsites.com

Koltson Brewester at Upic Solutions
kolston.brewster@upicsolutions.org | (859) 993-8206 | https://upicsolutions.org/