Cyber Security

Demystifying the powerful SPF, DKIM and DMARC technologies

This blog post discusses the SPF, DKIM and DMARC mechanisms and how organisations can use them to their benefit.

Contrary to popular belief, their role is not to protect a mail system against threats.

Instead, they act as protection mechanisms for the mail exchange worldwide, adding to the Cyber Hygiene of this ecosystem.

Did we mention they come at no cost?

Let’s dig a bit deeper into the topic.

What they are and how to use them

SPF (Sender Policy Framework)

SPF is an email authentication standard that helps counter spam, spoofing and phishing attempts.

The record is added to an organisation’s public DNS (Domain Name System) zone and contains information about the legitimate senders that can send emails using the domain.

DKIM (DomainKeys Identified Mail)

DKIM is another email authentication protocol designed to detect forgery or alterations for emails in transit.

The method allows the mail recipient to check that it was indeed sent and authorised by the sending domain, not someone impersonating the sender.

It does that by utilising Cryptography and specifically a public-private key pair:

The public key is published with the DKIM selector on the public DNS zone, while the private key is made available to the DKIM-enabled mail system.

DMARC (Domain-based Message Authentication Reporting and Conformance)

DMARC is an email authentication policy enabling domain owners to protect them from unauthorised use.

It builds on the SPF and DKIM protocols and allows a sender to indicate that their messages are protected by SPF and/or DKIM.

It also tells the recipient what to do if neither (or just one) of those authentication mechanisms passes or fails.

The policy could instruct to send the message to the Junk folder or even reject it.

Another valuable aspect of DMARC is that it provides a way for the receiver’s mail system to report back to the sender the status of the messages that passed or failed the evaluation.

Conclusion

SPF, DKIM and DMARC comprise a set of email authentication methods to provide the means to check the authenticity of a mail exchange communication.

It safeguards the recipient’s side and adds to the sender’s reputation, which could be handy in day-to-day operations.

Get in touch with us to learn how those advanced features fit your environment and can increase your brand’s reputation while increasing email deliverability.