SPF, DKIM & DMARC Form the Cornerstone of Email Authentication

Email Authentication

We are often asked: what can we do to reduce spam, phishing, email forgery and the like?

The answer is to become an active participant in email authentication by adding these three protocols to your organization's email configuration and its Domain Name System (DNS) records.

The first is Sender Policy Framework (SPF), a simple email-validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from a host authorized by that domain’s administrators.[1] The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged “from” addresses, so publishing and checking SPF records can be considered anti-spam techniques.

Source: Wikipedia  https://en.wikipedia.org/wiki/Sender_Policy_Framework
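The record format and the check described above, as an added example that is not part of the original page or of the Wikipedia text it quotes: a minimal SPF evaluator in Python that walks a record's terms for a given connecting IP. It resolves records from a constructed in-memory zone (documentation domains and addresses, not real DNS data), handles the ip4, ip6, include and all terms plus the ten-lookup limit, and reports the a, mx, ptr, exists and redirect= mechanisms as permerror because they need live DNS. One point worth keeping in mind: SPF is evaluated against the envelope sender (RFC5321.MailFrom), not the From: header the recipient sees, which is the gap DMARC's alignment rules close.

```python
import ipaddress

# Constructed zone data standing in for live DNS TXT lookups
# (documentation domains and addresses, not real records).
FAKE_DNS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ~all",
    "loop.example": "v=spf1 include:loop.example -all",  # deliberately self-referencing
}

MAX_DNS_LOOKUPS = 10  # RFC 7208 4.6.4: more than ten DNS-querying terms is a permerror
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the domain's SPF TXT record, or None (stand-in for a DNS query)."""
    return FAKE_DNS.get(domain)


def check_spf(client_ip, domain, _counter=None):
    """Evaluate `domain`'s SPF record for a connection from `client_ip`.

    `domain` is the RFC5321.MailFrom (envelope sender) domain, which is what SPF
    authenticates; it says nothing about the From: header the user sees.
    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    """
    counter = _counter if _counter is not None else {"lookups": 0}
    record = lookup_spf(domain)
    if record is None:
        return "none"
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    client = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # mechanisms default to '+' (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # 'all' always matches; -all vs ~all decides fail/softfail
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if client.version == net.version and client in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            counter["lookups"] += 1
            if counter["lookups"] > MAX_DNS_LOOKUPS:
                return "permerror"
            sub = check_spf(client_ip, value, counter)
            if sub == "pass":
                return QUALIFIERS[qualifier]  # include matches only on pass (RFC 7208 5.2)
            if sub in ("none", "permerror"):
                return "permerror"
            # fail / softfail / neutral inside the include: not a match, keep going
        else:
            # a, mx, ptr, exists and redirect= need live DNS and are not modelled here
            return "permerror"
    return "neutral"  # record exhausted with no match and no 'all' term


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "203.0.113.5"):
        print(ip, check_spf(ip, "example.com"))
```

Note the difference between `-all` (fail) and `~all` (softfail): many receivers treat softfail as little more than a hint, so a domain that has finished inventorying its senders should publish `-all`. The self-referencing `loop.example` record shows why the lookup counter matters; without it the evaluator would recurse forever, and real resolvers return permerror for such records.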

The second is DomainKeys Identified Mail (DKIM), an email authentication method designed to detect email spoofing. It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.[1] It is intended to prevent forged sender addresses in emails, a technique often used in phishing and email spam.

In technical terms, DKIM lets a domain associate its name with an email message by affixing a digital signature to it. Verification is carried out using the signer’s public key published in the DNS. A valid signature guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed.[2] Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message’s authors and recipients. In that respect, DKIM differs from end-to-end digital signatures.

Source: Wikipedia https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

And the third is Domain-based Message Authentication, Reporting and Conformance (DMARC), an email-validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organizations. Specified in RFC 7489, DMARC counters the illegitimate usage of the exact domain name in the From: field of email message headers.[1]

DMARC is built on top of two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows the administrative owner of a domain to publish a policy on which mechanism (DKIM, SPF or both) is employed when sending email from that domain and how the receiver should deal with failures. Additionally, it provides a reporting mechanism of actions performed under those policies. It thus coordinates the results of DKIM and SPF and specifies under which circumstances the From: header field, which is often visible to end users, should be considered legitimate.

DMARC’s validation of the From field has similarities to Author Domain Signing Practices (ADSP, originally called DKIM Sender Signing Practices, DKIM-SSP). The reporting aspect builds on Abuse Reporting Format (ARF).[note 1]

Source: Wikipedia https://en.wikipedia.org/wiki/DMARC
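The coordination step described above, as an added Python example that is not from the original page or the quoted Wikipedia text: how a receiver turns raw SPF and DKIM results into a DMARC verdict by checking identifier alignment against the From: domain and then applying the published policy. The DNS records, domains and the miniature public-suffix table are constructed sample data; production code must use the full Public Suffix List for organizational-domain lookups. The example shows the case SPF alone cannot catch, a message whose envelope sender passes SPF for the attacker's own domain while the From: header claims example.com.

```python
# Constructed DNS answers standing in for real TXT lookups
# (documentation domains, not real records).
FAKE_DNS = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                          "rua=mailto:dmarc-rua@example.com; ruf=mailto:dmarc-ruf@example.com",
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:reports@example.org",
}

# Tiny stand-in for the Public Suffix List; real code must use the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}


def parse_tags(record):
    """Split 'v=DMARC1; p=reject; ...' into a dict (the same tag=value syntax DKIM uses)."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def organizational_domain(domain):
    """Organizational domain per RFC 7489 3.2: one label above the longest public suffix."""
    labels = domain.lower().split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else domain
    return domain


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


def lookup_dmarc(from_domain):
    """Policy discovery (RFC 7489 6.6.3): exact domain first, then the organizational domain.
    Returns (tags, found_via_org_domain) or (None, False)."""
    record = FAKE_DNS.get(f"_dmarc.{from_domain}")
    is_sub = False
    if record is None:
        org = organizational_domain(from_domain)
        if org != from_domain:
            record = FAKE_DNS.get(f"_dmarc.{org}")
            is_sub = True
    if record is None:
        return None, False
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None, False
    return tags, is_sub


def evaluate_dmarc(from_domain, spf_result, mail_from_domain, dkim_result, dkim_domain):
    """Combine raw SPF/DKIM results with alignment against the RFC5322.From domain.

    spf_result / dkim_result: 'pass', 'fail', ... as produced by those checks.
    mail_from_domain: the RFC5321.MailFrom domain SPF was evaluated against.
    dkim_domain: the d= tag of a DKIM signature that verified (None if there was none).
    Returns (dmarc_result, requested_disposition), where the result is
    'pass', 'fail' or 'none' and the disposition is 'none', 'quarantine' or 'reject'.
    """
    tags, is_sub = lookup_dmarc(from_domain)
    if tags is None:
        return "none", "none"  # no policy published: receiver falls back to its own rules
    spf_aligned = (spf_result == "pass" and bool(mail_from_domain)
                   and aligned(from_domain, mail_from_domain, tags.get("aspf", "r")))
    dkim_aligned = (dkim_result == "pass" and bool(dkim_domain)
                    and aligned(from_domain, dkim_domain, tags.get("adkim", "r")))
    if spf_aligned or dkim_aligned:
        return "pass", "none"
    policy = tags.get("sp", tags["p"]) if is_sub else tags["p"]
    return "fail", policy


if __name__ == "__main__":
    # Attacker's own domain passes SPF, but it is not aligned with the From: domain.
    print(evaluate_dmarc("example.com", "pass", "phisher.example", "fail", None))
    # Bounce subdomain passes SPF; relaxed aspf accepts it.
    print(evaluate_dmarc("example.com", "pass", "bounce.example.com", "fail", None))
```

Two further tags matter when rolling DMARC out. `pct=` (not modelled above) tells receivers to apply the requested disposition to only that percentage of failing messages, so a domain can move from `p=none` through `p=quarantine; pct=10` towards `p=reject` while the aggregate reports sent to the `rua=` address reveal legitimate senders that are not yet authenticated. And `sp=` sets a separate policy for subdomains, which is why `news.example.com` above gets quarantine rather than reject.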