Simuna Infosec
Educational

Email Header Analysis for Security: Detecting Spoofing and Phishing for Singapore Enterprises

Email headers reveal whether messages are genuine or spoofed. This guide covers SPF, DKIM, DMARC, and ARC for email authentication, with guidance for the Singapore market.

Email authentication headers, namely SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance), verify that emails genuinely come from the claimed sender domain. A security assessment evaluates: Are SPF records correctly configured? Is DKIM signing implemented? Is the DMARC policy set to reject or quarantine (not just monitor)? Can your domain be spoofed despite these controls? And are employees trained to recognise emails that pass authentication but use lookalike domains?
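As an added example (not part of the original page), the Python check below reads the Authentication-Results header stamped by the receiving gateway and reports both a failed or missing DMARC result and a sender domain that passes authentication yet closely resembles a protected domain. The gateway name `mx.example.net`, the protected domain `example-bank.sg`, the 0.85 similarity threshold and the sample message are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: passes SPF, DKIM and DMARC, but for a lookalike domain.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=examp1e-bank.sg;
 dkim=pass header.d=examp1e-bank.sg;
 dmarc=pass header.from=examp1e-bank.sg
From: "Example Bank" <alerts@examp1e-bank.sg>
Subject: Account verification

Body
"""

TRUSTED_GATEWAY = "mx.example.net"  # assumption: authserv-id of your own mail gateway
PROTECTED = ["example-bank.sg"]     # assumption: domains the organisation owns

def auth_results(msg):
    """Collect spf/dkim/dmarc results, ignoring headers not added by our gateway."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if (authserv.split() or [""])[0].lower() != TRUSTED_GATEWAY:
            continue  # any sender can insert this header; trust only our own
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def lookalike_of(domain, threshold=0.85):
    """Return the protected domain that `domain` imitates, or None."""
    for real in PROTECTED:
        if domain != real and SequenceMatcher(None, domain, real).ratio() >= threshold:
            return real
    return None

def assess(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    res = auth_results(msg)
    findings = []
    if res.get("dmarc") != "pass":
        findings.append(f"dmarc={res.get('dmarc', 'missing')} for {from_domain}")
    real = lookalike_of(from_domain)
    if real:
        findings.append(f"{from_domain} resembles {real}")
    return findings
```

Calling `assess(SAMPLE)` returns a single lookalike finding even though every authentication result is `pass`, which is the case the final question in the paragraph above is about.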