Email Security: Understanding SPF, DKIM, and DMARC
If sending and receiving email is a central part of your business strategy, it is essential to understand the protocols that have been developed to keep it safe. SPF, DKIM, and DMARC were explicitly designed to reduce spam and other possibly unsafe messages.
Understanding these email security standards is critical for both email receivers and senders. Proper implementation of these protections is, of course, essential for recipients. They help to weed out spam, phishing scams, and other potentially damaging messages. But a solid grasp of the processes and technology behind email security protocols is also critical for email senders. Without knowing how these tools work, senders could inadvertently run afoul of the protocols and find that their messages are not getting through.
SPF (Sender Policy Framework)
SPF is an email security open standard framework designed to prevent sender address forgery. In other words, it is about making sure the email is actually coming from who it says it is coming from. SPF exists in the form of a Domain Name Service (DNS) text (TXT) record which identifies precisely which mail servers and IP addresses are allowed to send email from a specific domain. If the receiving mail server detects that the sender does not match the SPF record, it may be blocked.
DKIM (DomainKeys Identified Mail)
Similar to SPF, DKIM is a DNS TXT record. DKIM email security also ensures that the message comes from the appropriate mail server or IP address, but it also offers additional security layers. DKIM also shows that the contents of a message have not been tampered with and that the headers have not been changed. To allow for these additional features, DKIM uses an algorithm to create a pair of encryption keys. The private key remains on the email server, and the public key is listed as a DNS text record.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC is an email security protocol that allows the sender to indicate to the receiver that the message is protected with SPF and or DKIM. If it does not pass authentification for SPF or DKIM, instructions are also included to instruct the receiving server on how to handle it. Finally, it sends a report back to the sender, indicating whether the message passed or failed the evaluation. In this way, the sender and receiver work together to ensure the authenticity and integrity of the message.
Is It Necessary to Use All Three Email Security Protocols?
None of these three protocols have been universally adopted. However, email administrators are more consistently setting up and enforcing one or more. The safest bet for email senders is to move to have all three records in place. That way, as more and more administrators adopt strict rules, your emails will be ready to pass the test.
Setting Up SPF, DKIM, and DMARC
The good news is that none of these email security protocols are difficult or expensive to adopt. Many IT administrators are already familiar with the process, and there is excellent documentation available for adding the proper records. There is no reason not to get on board right away.