SPF, DKIM and DMARC
Meow
Posted on March 31, 2023
These are three email authentication mechanisms that protect a domain against "spoofing" and "phishing": mail that is made to look as if it came from the domain when it did not.
SPF (Sender Policy Framework)
SPF is a protocol that lets a domain owner publish which mail servers (identified by IP address) are allowed to send email on behalf of the domain. A receiving server compares the IP address of the connecting server with that list, which stops spammers from freely putting a forged sender address on the envelope. Note that SPF is evaluated against the domain in the envelope sender (MAIL FROM, shown to the recipient as Return-Path), not against the From: header the user sees.
It is published as a TXT record in the domain's DNS. The record starts with "v=spf1" and normally ends with an "all" mechanism whose qualifier (-all for fail, ~all for softfail) decides what happens to senders that are not listed.
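The following is an added example, not code from the original post: a small Python evaluator for SPF records that resolves the common mechanisms (ip4, ip6, a, mx, include, all) and the redirect= modifier against a constructed in-memory zone instead of live DNS. The domain names, addresses and records in it are made up for the example.

```python
import ipaddress

# Constructed in-memory zone data standing in for live DNS (example values,
# not real records). Each name maps to a list of (record type, data).
ZONE = {
    "example.com": [
        ("TXT", "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example a mx -all"),
        ("A", "198.51.100.10"),
        ("MX", "mail.example.com"),
    ],
    "mail.example.com": [("A", "198.51.100.25")],
    "_spf.mailer.example": [("TXT", "v=spf1 ip6:2001:db8::/32 ~all")],
    "legacy.example": [("TXT", "v=spf1 redirect=example.com")],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rrtype):
    return [data for t, data in ZONE.get(name.lower(), []) if t == rrtype]


def spf_record(domain):
    # RFC 7208 4.5: exactly one v=spf1 record is allowed; zero means "none",
    # more than one is a permanent error.
    txts = [t for t in lookup(domain, "TXT")
            if t.lower().startswith("v=spf1 ") or t.lower() == "v=spf1"]
    if not txts:
        return None
    if len(txts) > 1:
        raise ValueError("multiple SPF records")
    return txts[0]


def check_host(ip, domain, depth=0):
    """Evaluate the SPF record of `domain` for a connecting address `ip`.

    Returns (result, reason). Implements the common mechanisms of RFC 7208
    (ip4, ip6, a, mx, include, all) and the redirect= modifier; ptr, exists
    and dual-CIDR suffixes on a/mx are not handled.
    """
    if depth > 10:                        # RFC 7208 caps DNS-querying terms at 10
        return "permerror", "too many nested include/redirect lookups"
    try:
        record = spf_record(domain)
    except ValueError as exc:
        return "permerror", str(exc)
    if record is None:
        return "none", f"no SPF record for {domain}"

    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if "=" in term:                   # modifier (redirect=, exp=), not a mechanism
            key, _, value = term.partition("=")
            if key.lower() == "redirect":
                redirect = value
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "a":
            matched = any(ipaddress.ip_address(a) == addr
                          for a in lookup(arg or domain, "A"))
        elif mech == "mx":
            matched = any(ipaddress.ip_address(a) == addr
                          for mx in lookup(arg or domain, "MX") for a in lookup(mx, "A"))
        elif mech == "include":
            sub, _ = check_host(ip, arg, depth + 1)
            if sub == "pass":
                matched = True
            elif sub in ("none", "permerror"):
                return "permerror", f"include:{arg} evaluated to {sub}"
            # fail/softfail/neutral inside an include just means "no match here"
        else:
            return "permerror", f"unsupported mechanism {mech}"
        if matched:
            return QUALIFIERS[qualifier], f"matched {qualifier}{term}"
    if redirect:
        return check_host(ip, redirect, depth + 1)
    return "neutral", "no mechanism matched (implicit ?all)"


if __name__ == "__main__":
    for ip in ("192.0.2.77", "2001:db8::1", "198.51.100.25", "203.0.113.5"):
        print(ip, check_host(ip, "example.com"))
```

Two details worth noticing: an include: only counts as a match when the included record yields pass (a -all inside the included record does not fail the outer evaluation), and every include or redirect costs a DNS lookup, which RFC 7208 caps at ten, so sprawling records end in permerror rather than pass.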
DKIM (DomainKeys Identified Mail)
DKIM is a protocol that adds a digital signature to an email message. It lets the receiving server verify that the message was signed by a holder of the sending domain's private key and that the signed parts were not tampered with in transit.
The sending server signs selected headers and the body with a private key; the matching public key is published in the DNS of the signing domain, as a TXT record at selector._domainkey.domain, where the selector is named in the signature's s= tag and the domain in its d= tag.
When the recipient's server receives a signed email, it fetches that public key and uses it to verify the signature. If the signature is valid, it confirms that the signed headers and body were not altered in transit and that the signature was made with the domain's private key. A valid DKIM signature says nothing about whether the content is benign: an attacker can sign mail from a domain they control.
DKIM therefore has to be configured in two places: the public key in the DNS records, and the private key and signing rules on the sending server (or at the provider that sends on the domain's behalf).
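The following is an added example rather than code from the original post. It implements the parts of DKIM verification that need only the Python standard library: relaxed canonicalization of headers and body (RFC 6376), recomputation of the bh= body hash, derivation of the DNS name where the public key is published, and assembly of the exact bytes that the b= signature covers. Checking b= itself is an RSA signature verification with the key from that DNS record and is left to an RSA library. The message, domain and selector are constructed for the example.

```python
import base64
import hashlib
import hmac
import re


def canon_body_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4 relaxed body canonicalization: collapse whitespace runs,
    strip trailing whitespace per line, drop empty trailing lines, end with CRLF."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" \t") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def canon_header_relaxed(name: str, value: str) -> str:
    """RFC 6376 3.4.2 relaxed header canonicalization."""
    value = re.sub(r"\r\n[ \t]+", " ", value)            # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" \t")
    return f"{name.lower()}:{value}"


def body_hash(body: bytes) -> str:
    """bh= value: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(canon_body_relaxed(body)).digest()).decode()


def parse_tags(value: str) -> dict:
    """Parse a tag=value list such as a DKIM-Signature header value."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip()] = re.sub(r"\s+", "", val)  # folding whitespace is ignored
    return tags


def split_message(raw: bytes):
    """Minimal RFC 5322 splitter: returns ([(name, value), ...], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.decode("ascii").split("\r\n"):
        if line[:1] in (" ", "\t") and headers:         # folded continuation line
            name, prev = headers[-1]
            headers[-1] = (name, prev + "\r\n" + line)
        else:
            name, _, value = line.partition(":")
            headers.append((name, value))
    return headers, body


def dkim_key_name(tags: dict) -> str:
    """DNS name (TXT) the verifier queries for the public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def signed_data(headers, dkim_value: str) -> bytes:
    """Bytes that b= signs: the headers listed in h= (bottom-most instance
    first, RFC 6376 5.4.2), then the DKIM-Signature header with b= emptied."""
    tags = parse_tags(dkim_value)
    remaining, pieces = list(headers), []
    for wanted in tags["h"].split(":"):
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted.lower():
                pieces.append(canon_header_relaxed(*remaining.pop(i)))
                break
    stripped = re.sub(r"(;\s*)b=[^;]*", r"\1b=", dkim_value)
    pieces.append(canon_header_relaxed("DKIM-Signature", stripped))
    return "\r\n".join(pieces).encode("ascii")


def verify_body_hash(raw: bytes) -> bool:
    """Receiver side: recompute bh= over the body as received and compare it
    with the value carried in the signature."""
    headers, body = split_message(raw)
    sig = next((v for n, v in headers if n.lower() == "dkim-signature"), None)
    if sig is None:
        return False
    tags = parse_tags(sig)
    canon = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    if tags.get("v") != "1" or tags.get("a") != "rsa-sha256" or canon != "relaxed":
        return False                 # example only handles relaxed body canonicalization
    return hmac.compare_digest(tags.get("bh", ""), body_hash(body))


def build_signed_message(headers, body: bytes, domain: str, selector: str) -> bytes:
    """Signer side for the example: prepend a DKIM-Signature with a real bh=.
    b= is left empty; filling it means RSA-signing signed_data() with the
    selector's private key, which needs an RSA library."""
    sig = (f"v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector}; "
           f"h=from:to:subject; bh={body_hash(body)}; b=")
    head = "\r\n".join(f"{n}:{v}" for n, v in [("DKIM-Signature", " " + sig)] + headers)
    return head.encode("ascii") + b"\r\n\r\n" + body


# Constructed sample message (not a real capture).
SAMPLE_HEADERS = [("From", " Alice <alice@example.com>"),
                  ("To", " bob@example.net"),
                  ("Subject", " Invoice 4711")]
SAMPLE_BODY = b"Hi Bob,\r\n\r\nPlease pay invoice 4711 today.\r\n\r\n"

if __name__ == "__main__":
    msg = build_signed_message(SAMPLE_HEADERS, SAMPLE_BODY, "example.com", "sel1")
    print("untouched:", verify_body_hash(msg))
    print("tampered: ", verify_body_hash(msg.replace(b"today", b"tomorrow")))
    print("key at:   ", dkim_key_name(parse_tags(split_message(msg)[0][0][1])))
```

The body hash is the cheap first check a verifier does: if bh= does not match, the body was changed and there is no point fetching the key. Relaxed canonicalization is what lets a message survive the whitespace rewriting that mail relays commonly do; with simple canonicalization a single trailing space added by a relay would break the signature. The signed headers (h=) always include From:, because that is the header DMARC later aligns against.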
DMARC (Domain-based Message Authentication, Reporting & Conformance)
DMARC builds on SPF and DKIM and lets the domain owner tell receiving servers how to handle mail that fails authentication. A message passes DMARC when SPF or DKIM passes and the domain that passed is aligned with the domain in the From: header (identical under strict alignment, or sharing the same organizational domain under relaxed alignment). This alignment requirement is what ties the two checks to the address the user actually sees.
DMARC also lets the domain owner receive aggregate reports on how their domain is being used for email, and specify the action to take on messages that fail: none (monitor only), quarantine (typically deliver to the spam folder) or reject.
DMARC policies are published by the domain owner as a TXT record at _dmarc.<domain> in the DNS of the domain in question.
How does it all work together?
Take spoofing attacks: the attacker forges the headers of an email (most often the From: line) so that it appears to come from a source other than the actual sender and the recipient believes the message is legitimate. The receiving server runs the three checks like this:
- SPF: The server looks up the SPF record of the envelope sender (MAIL FROM) domain and checks whether the IP address of the connecting mail server is authorized to send for it. If not, the result is fail or softfail, and the email will likely be marked as spam or rejected.
- DKIM: Independently of the SPF result, the server looks for a DKIM-Signature header, fetches the public key named by its d= and s= tags and verifies the signature. If the signature is valid, it confirms that the signed headers and body were not altered in transit and that they were signed by a holder of that domain's key.
- DMARC: Finally, the server looks up the DMARC policy of the domain in the From: header. If neither SPF nor DKIM produced a pass whose domain is aligned with that From: domain, the server applies the published policy, quarantining or rejecting the message, and reports the outcome to the address in the rua= tag. An attacker who passes SPF for their own domain still fails DMARC, because that domain is not aligned with the spoofed From: address.
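The following is an added example, not from the original post, covering both the DMARC section above and the three-step flow just described: it parses a DMARC record with its defaults, applies strict or relaxed identifier alignment, and turns the SPF and DKIM results into a disposition, including the case of a subdomain that publishes no record of its own. The DMARC records, domains and results are constructed for the example, and the organizational-domain logic is a simplification of what a real verifier gets from the Public Suffix List.

```python
# Constructed DMARC records standing in for TXT lookups at _dmarc.<domain>
# (example data, not real records).
DMARC_RECORDS = {
    "_dmarc.example.com": ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                           "rua=mailto:dmarc-rua@example.com"),
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:reports@example.org",
}


def parse_dmarc(txt: str):
    """Parse a DMARC TXT record into tags with RFC 7489 defaults applied.
    Returns None if the record is not a usable DMARC record."""
    tags = {}
    for part in txt.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    tags.setdefault("adkim", "r")        # DKIM alignment: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")         # SPF alignment
    tags.setdefault("sp", tags["p"])     # subdomain policy defaults to p
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain. Real verifiers consult the Public Suffix List;
    this example assumes a single-label public suffix (a simplification)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict requires an exact match, relaxed only
    requires the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(from_domain, spf_result, spf_domain, dkim_result, dkim_domain,
                   records=DMARC_RECORDS):
    """Combine SPF and DKIM results into a DMARC disposition.

    from_domain  domain of the RFC5322.From header (what the user sees)
    spf_result   'pass'/'fail'/... for spf_domain, the MAIL FROM domain
    dkim_result  'pass'/'fail'/'none' for dkim_domain, the d= of the signature
    Returns (disposition, reason) with disposition one of
    'pass', 'none', 'quarantine' or 'reject'.
    """
    policy_tag = "p"
    txt = records.get(f"_dmarc.{from_domain.lower()}")
    if txt is None:                      # no record for a subdomain: use the org domain's sp=
        policy_tag = "sp"
        txt = records.get(f"_dmarc.{org_domain(from_domain)}")
    if txt is None:
        return "none", "no DMARC record published"
    tags = parse_dmarc(txt)
    if tags is None:
        return "none", "unusable DMARC record"

    # A pass only counts if the authenticated domain aligns with From:.
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "aligned " + ("SPF" if spf_ok else "DKIM") + " pass"
    return tags[policy_tag], f"no aligned pass; applying {policy_tag}={tags[policy_tag]}"


if __name__ == "__main__":
    # Legitimate mail: SPF and DKIM both pass for the From: domain itself.
    print(dmarc_evaluate("example.com", "pass", "example.com", "pass", "example.com"))
    # Spoof: attacker's server passes SPF for attacker.example, From: says example.com.
    print(dmarc_evaluate("example.com", "pass", "attacker.example", "none", None))
    # Subdomain without its own record inherits sp=quarantine from example.com.
    print(dmarc_evaluate("news.example.com", "fail", "news.example.com", "none", None))
```

Two points this makes concrete: with adkim=s a signature from mail.example.com does not rescue a From: of example.com, which is the usual cause of surprise "reject" results after tightening alignment; and a subdomain that publishes nothing falls under the organizational domain's sp= policy, so an unused subdomain is not an open door just because it has no record. The pct= tag (sampling) and the reporting itself are not modelled here.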
What if the sender's DNS does not contain SPF, DKIM and DMARC records?
Without an SPF record, it is more difficult for email servers to verify the authenticity of emails sent from a given domain, which can lead to a higher risk of spam and phishing emails being delivered to recipients.
Without a DKIM record, emails sent from a domain will not be signed with a digital signature that can be used to verify their authenticity, making it easier for attackers to forge emails and carry out phishing attacks.
Finally, without a DMARC record the domain owner cannot tell receiving servers what to do with mail that fails the SPF and DKIM checks, and gets no reports on who is sending mail in the domain's name. Receivers then fall back to their own heuristics, which may mark legitimate emails as spam or let spoofed emails through to recipients.
Thanks for reading!