IT-Security
RECOGNIZING E-MAILS FROM EVONIK
For the IT Professional
How to recognize our messages and what to look out for.
Evonik uses the following sender domains:
- @evonik.com
- @<xyz>.evonik.com (e.g. @newsletter.evonik.com)
- Product-specific special domains about which the recipient is informed in advance (e.g. RiSource, Ariba, Microsoft SharePoint)
Evonik uses SPF, DKIM and DMARC for the technical validation of its own e-mails:
- All authorized mail servers are documented in the SPF records
- All e-mails are DKIM-signed
- A DMARC record is set for all domains
If these techniques are used for verification, the user can rely on the authenticity of the sender (with Brand Indicators for Message Identification [BIMI], this is done automatically). We strongly recommend making use of this verification and implementing the following measures:
- Accept incoming e-mail only from existing domains, and do not deliver e-mail that fails an SPF check to users.
- Mark all external emails with a warning.
- Exempt e-mails from Evonik (and other partners, if applicable) from this warning once they have passed the DMARC check (no warning or a different warning). This makes it immediately apparent to the employee that the e-mail has been checked and that the sender is genuine.
- Use up-to-date email security solutions.
- Check reputation and age of mail domains used.
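The following added example (not Evonik's own code) sketches the SPF rejection, external warning and DMARC-based exemption from the list above as a Python function that reads the Authentication-Results header written by the receiving gateway. The authserv-id mx.recipient.example, the function names and the sample message are assumptions; only the domain evonik.com comes from this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.recipient.example"  # assumption: your own gateway's authserv-id
VERIFIED_DOMAINS = ("evonik.com",)            # from the page; subdomains are matched too

def _is_verified_domain(domain):
    # Exact or subdomain match only, so "evonik.com.example.net" does not qualify.
    return any(domain == d or domain.endswith("." + d) for d in VERIFIED_DOMAINS)

def classify(raw_message):
    """Return 'reject', 'verified-sender' or 'external-warning' for one message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf = dmarc = dmarc_domain = None
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = str(header).partition(";")
        # Senders can add this header themselves: trust only our gateway's stamp
        # (assumes the gateway strips inbound copies carrying its own id).
        if (authserv_id.split() or [""])[0].lower() != TRUSTED_AUTHSERV_ID:
            continue
        if m := re.search(r"\bspf=(\w+)", results):
            spf = m.group(1).lower()
        if m := re.search(r"\bdmarc=(\w+)[^;]*?\bheader\.from=([\w.-]+)", results):
            dmarc, dmarc_domain = m.group(1).lower(), m.group(2).lower()
    if spf == "fail":
        return "reject"            # do not deliver mail that fails SPF
    if dmarc == "pass" and dmarc_domain == from_domain and _is_verified_domain(from_domain):
        return "verified-sender"   # exempt from the generic external warning
    return "external-warning"      # default for every other external message

# Constructed sample: a forged result header sits below the gateway's real one.
SAMPLE = (
    "Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=evonik.com;\r\n"
    " dmarc=fail (p=reject) header.from=evonik.com\r\n"
    "Authentication-Results: mx.sender.example; dmarc=pass header.from=evonik.com\r\n"
    "From: Accounts <accounts@evonik.com>\r\n"
    "Subject: constructed sample\r\n\r\nbody\r\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE))  # external-warning
```

The decision keys on the DMARC-aligned From domain rather than the display name, and a result header from any other authserv-id is ignored even when it claims a pass.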
Evonik also supports S/MIME and PGP for the exchange of e-mails requiring special protection. Please get in touch with your Evonik contact if you would like to use this service (keyword: SEEM, Secure Evonik E-Mail).