What to Know About Email Security Jargon

July 01, 2020

Ninety-three percent of REALTORS® in Texas report using email to communicate with clients and customers, according to the 2019 Profile of Texas REALTORS® Members. But real estate email communications are increasingly the target of wire fraud. In many instances, cybercriminals seek to “spoof” or pose as the email address of a legitimate participant in the transaction—such as an agent, broker, or title company—to trick victims. However, there are measures that can be implemented to help weed out messages from illegitimate sources.

Knowing the following terms can be helpful when discussing email security with technology staff or implementing email marketing services. Taking steps to prevent your email address from being associated with fraudulent activity can also lead to more of your messages being delivered correctly, as email service providers look favorably on the use of the technologies below.

DomainKeys Identified Mail (DKIM)

DKIM is a method of authenticating that an email message did come from the address shown as the sender in the From field that’s displayed in your email client. A digital signature goes out with each message that can be checked against the public Domain Name System (DNS) record of the sender’s address email. Only owners of a domain can edit its public DNS record.

Sender Policy Framework (SPF)

SPF is another authentication method. A list of servers that can send email on behalf of a domain is published in its public DNS record, which receiving email servers can use to check the sender in the digital envelope of a message. SPF is most effective when paired with DKIM, which checks the address visibly displayed as the sender.

Domain-Based Message Authentication, Reporting, and Conformance (DMARC)

DMARC functions as a set of instructions for how to verify email from a domain and what to do with messages that can’t be verified as authentic. Receiving email servers can check the DMARC policy in a domain’s public DNS record to see which authentication method to use (SPF, DKIM, or both), how the visibly displayed From field should be checked, and whether to quarantine or reject messages that fail authentication. A DMARC policy can also stipulate how to notify a domain’s owner of messages that fail authentication.

Legal Disclaimer

Texas REALTORS® provides content through various online platforms, including this blog. By interacting with any of our blog posts, you agree to comply with the following terms and conditions:

a. You will not post any defamatory, discriminatory, libelous, threatening, vulgar, sexually explicit, abusive, profane, rude, or obscene content (including comments);
b. You will not use our blog posts or posted content to do anything unlawful, misleading, malicious, or discriminatory; and
c. You will not post content or take any action on our blog posts that infringes someone else’s rights or otherwise violates the law.
d. You will not post any information intended to sell or advertise a business, product, or service.

Texas REALTORS®, in its sole discretion, reserves the right to remove any content you have uploaded, posted, or submitted onto any of our blog posts if we believe that it violates these terms or conditions.

The material provided here is for informational purposes only and is not intended and should not be considered as legal advice for your particular matter. You should contact your attorney to obtain advice with respect to any particular issue or problem. Applicability of the legal principles discussed in this material may differ substantially in individual situations.

While Texas REALTORS® has used reasonable efforts in collecting and preparing materials included here, due to the rapidly changing nature of the real estate marketplace and the law, and our reliance on information provided by outside sources, Texas REALTORS® makes no representation, warranty, or guarantee of the accuracy or reliability of any information provided here. Any legal or other information found on this page or at other sites to which we link, should be verified before it is relied upon.