IT-Security

RECOGNIZING E-MAILS FROM EVONIK

For the IT Professional

How to recognize our messages and what to look out for.

Evonik uses the following sender domains:

  • @evonik.com
  • @<xyz>.evonik.com (e.g. @newsletter.evonik.com)
  • Product-specific special domains about which the recipient is informed in advance (e.g. RiSource, Ariba, Microsoft SharePoint)


Evonik uses SPF, DKIM and DMARC for the technical validation of its own e-mails:

  • All authorized mail servers are documented in the SPF records
  • All e-mails are DKIM-signed
  • A DMARC record is set for all domains

If these techniques are used for verification, the user can rely on the authenticity of the sender (with Brand Indicators for Message Identification [BIMI], this is done automatically). If you use Microsoft Outlook, you can configure it to show the user any unsuccessful verification (please find further information here). In general, we recommend implementing the following measures:

  • Accept incoming e-mail only from existing domains, and do not deliver e-mail that fails an SPF check to users.
  • Mark all external e-mails with a warning.
  • Exempt e-mails from Evonik (and other partners, if applicable) from the warning once they have passed the DMARC check (no warning or a different warning). This makes it immediately apparent to the employee that the e-mail has been checked and that the sender is genuine.
  • Use up-to-date e-mail security solutions.
  • Check reputation and age of mail domains used.
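
The warning and exception logic from the list above can be sketched as a gateway-side check on the Authentication-Results header. This is an added example, not Evonik's code; the gateway name mx.recipient.example, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.recipient.example"  # assumption: authserv-id of your own gateway
VERIFIED_DOMAINS = ("evonik.com",)         # sender domain from the page; subdomains match too

def is_verified_domain(domain):
    # Exact match or true subdomain only, so "evonik.com.example" does not qualify.
    return any(domain == d or domain.endswith("." + d) for d in VERIFIED_DOMAINS)

def classify(raw_message):
    """Return 'reject', 'verified-sender' or 'external-warning' for one message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, body = header.partition(";")
        # Only trust results stamped by our own gateway; others may be sender-supplied.
        if authserv_id.strip().lower() != TRUSTED_AUTHSERV:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body.lower()):
            results.setdefault(method, result)
    if results.get("spf") == "fail":
        return "reject"                      # do not deliver mail that fails SPF
    if results.get("dmarc") == "pass" and is_verified_domain(from_domain):
        return "verified-sender"             # exempt from the external warning
    return "external-warning"                # default for all other external mail

def sample(from_addr, *auth_results):
    # Constructed test message; not real mail.
    lines = ["Authentication-Results: " + r for r in auth_results]
    lines += ["From: " + from_addr, "Subject: test", "", "body"]
    return "\n".join(lines)

if __name__ == "__main__":
    ok = sample("News <info@newsletter.evonik.com>",
                "mx.recipient.example; spf=pass; dkim=pass; dmarc=pass")
    print(classify(ok))
```

An Authentication-Results header that does not carry your own gateway's identifier is ignored, so a message cannot earn the exemption by bringing its own "dmarc=pass" line.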

Evonik also supports S/MIME and PGP for the exchange of e-mails requiring special protection. Please get in touch with your Evonik contact if you would like to use this service (keyword: SEEM, Secure Evonik E-Mail).