IT-Security

RECOGNIZING E-MAILS FROM EVONIK

For the IT Professional

How to recognize our messages and what to look out for.

Evonik uses the following sender domains:

  • @evonik.com
  • @<xyz>.evonik.com (e.g. @newsletter.evonik.com)
  • Product-specific special domains about which the recipient is informed in advance (e.g. RiSource, Ariba, Microsoft SharePoint)


Evonik uses SPF, DKIM and DMARC for the technical validation of its own e-mails:

  • All authorized mail servers are included in the documented SPF records
  • All e-mails are DKIM-signed
  • A DMARC record is set for all domains

If the recipient uses the above techniques for verification, the user can rely on the authenticity of the sender (with Brand Indicators for Message Identification [BIMI], this is done automatically). We strongly recommend making use of this verification and implementing the following measures:

  • Accept incoming email only from existing domains and do not deliver email to users who fail an SPF check.
  • Mark all external emails with a warning.
  • Add e-mails from Evonik (and other partners, if applicable) to an exception list that exempts them from the warning once they have passed the DMARC check (no warning or a different warning). This makes it immediately apparent to the employee that the e-mail has been checked and that the sender is genuine.
  • Use up-to-date email security solutions.
  • Check reputation and age of mail domains used.
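
One way to wire the SPF, warning and exception-list measures above into a mail-filter hook, as an added example that is not Evonik's code. It assumes your gateway stamps an Authentication-Results header with the authserv-id `mx.recipient.example` (a placeholder) and strips any inbound header that already carries that id; the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: authserv-id of your own gateway
PARTNER_DOMAINS = ("evonik.com",)          # sender domain from the page; subdomains match too

def is_partner(domain):
    # Match on a label boundary so "evonik.com.login.example" or "notevonik.com" never pass.
    domain = domain.lower().rstrip(".")
    return any(domain == p or domain.endswith("." + p) for p in PARTNER_DOMAINS)

def auth_results(msg):
    """Simplified Authentication-Results parser: {method: (result, {property: value})}."""
    out = {}
    for raw in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in raw.split(";")]
        if parts[0].lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # not stamped by our gateway, so the sender could have forged it
        for part in parts[1:]:
            m = re.match(r"(\w+)=(\w+)(.*)", part, re.S)
            if m:
                props = dict(re.findall(r"([\w.]+)=([^\s;]+)", m.group(3)))
                out.setdefault(m.group(1).lower(), (m.group(2).lower(), props))
    return out

def classify(raw_message):
    res = auth_results(message_from_string(raw_message))
    spf = res.get("spf", ("none", {}))[0]
    dmarc, props = res.get("dmarc", ("none", {}))
    if spf == "fail":
        return "reject"            # do not deliver mail that fails the SPF check
    if dmarc == "pass" and is_partner(props.get("header.from", "")):
        return "verified-partner"  # exempt from the external warning
    return "external-warning"      # default for every other external mail

def sample(auth_header, from_addr):  # builds a constructed test message, not real traffic
    return f"Authentication-Results: {auth_header}\nFrom: {from_addr}\nSubject: test\n\nbody\n"

GENUINE = sample("mx.recipient.example; spf=pass smtp.mailfrom=newsletter.evonik.com;\n"
                 " dkim=pass header.d=newsletter.evonik.com;\n"
                 " dmarc=pass header.from=newsletter.evonik.com", "news@newsletter.evonik.com")
LOOKALIKE = sample("mx.recipient.example; spf=pass smtp.mailfrom=evonik.com.login.example;"
                   " dmarc=pass header.from=evonik.com.login.example", "it@evonik.com.login.example")
FORGED = sample("mx.sender.example; dmarc=pass header.from=evonik.com", "ceo@evonik.com")
SPF_FAIL = sample("mx.recipient.example; spf=fail smtp.mailfrom=evonik.com", "ceo@evonik.com")

if __name__ == "__main__":
    for name in ("GENUINE", "LOOKALIKE", "FORGED", "SPF_FAIL"):
        print(name, "->", classify(globals()[name]))
```

A DMARC pass only proves that the message is authentic for the domain in its own From header, which is why the exception is granted on the combination of `dmarc=pass` and an exact or subdomain match against the partner list.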

Evonik also supports S/MIME and PGP for the exchange of e-mails requiring special protection. Please ask your Evonik contact if you would like to use this service (keyword: SEEM, Secure Evonik E-Mail).