emails are a vital communication tool for both personal and business purposes. However, the ubiquity of email also makes it a popular target for cybercriminals who use phishing, spoofing, and other malicious tactics to deceive recipients and gain unauthorised access to information. To combat these threats, organisations use email authentication protocols like DMARC, SPF, and DKIM. Together, these protocols help ensure that emails are genuine and trustworthy. Here’s an in-depth look at how they work and why they are essential for email security.

1. SPF (Sender Policy Framework)

SPF (Sender Policy Framework) is an email authentication protocol that allows domain owners to specify which mail servers are authorised to send emails on behalf of their domain. It works by creating a list of permitted IP addresses or sending servers within the domain’s DNS (Domain Name System) records. When a recipient server receives an email, it can verify whether the sending IP address matches those listed in the SPF record.

• How SPF Works: When an email is received, the receiving server looks up the SPF record for the sender’s domain. If the sending IP address is authorised, the SPF check passes; if not, the check fails, and the email can be flagged or blocked.
• Advantages of SPF: SPF helps to prevent spammers from sending emails with a forged sender address on your domain’s behalf. However, SPF alone cannot fully prevent spoofing attacks, as it only authenticates the envelope sender address (the “Return-Path”), which may not match the actual email address displayed to recipients.
• SPF Record Example: A typical SPF record looks like this:

 

v=spf1 ip4:192.168.0.1 include:_spf.google.com ~all

Here, v=spf1 defines the SPF version, ip4:192.168.0.1 authorises a specific IP, include:_spf.google.com includes other authorised senders, and ~all specifies that emails from unauthorised IPs should be treated as suspicious.

2. DKIM (DomainKeys Identified Mail)

DKIM (DomainKeys Identified Mail) is another email authentication protocol that uses cryptographic signatures to verify that an email has not been tampered with in transit. It attaches a unique signature header to each outgoing email, which can be verified by the recipient’s mail server.

• How DKIM Works: When an email is sent, the DKIM system generates a digital signature using a private key and adds it to the email header. The public key, stored in the DNS records, is accessible to receiving servers, allowing them to validate the signature. If the signature is valid, it confirms that the email is indeed from the purported sender and that its content has not been modified.
• Advantages of DKIM: DKIM provides greater email integrity by confirming that emails are genuine and unaltered. This is especially beneficial for high-risk communications, such as financial transactions, and adds another layer of protection to reduce email fraud.
• DKIM Record Example: A DKIM record includes a “selector” and public key information:

 

example._domainkey.example.com IN TXT “v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4G…”

Here, example._domainkey is the selector, and p=MIGfMA0G… is the public key used for validation.

3. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol that works alongside SPF and DKIM, specifying how email providers should handle unauthenticated emails. DMARC enables domain owners to set policies that instruct receiving mail servers on how to treat emails that fail SPF and DKIM checks. It also provides valuable reporting, allowing domain owners to monitor and identify potential abuse.

• How DMARC Works: When a DMARC policy is in place, the receiving server checks if an email passes both SPF and DKIM validation, and also verifies that the “From” address matches the domain specified in the SPF or DKIM records (a process known as alignment). If the email fails to meet these criteria, the DMARC policy—defined by the domain owner—determines what action should be taken, such as quarantining or rejecting the email.
• DMARC Policies:
  • None: Allows unauthenticated messages to be delivered but generates a report for the domain owner.
  • Quarantine: Marks unauthenticated messages as spam or places them in the recipient’s junk folder.
  • Reject: Blocks unauthenticated messages from reaching the recipient altogether.
• DMARC Record Example:

 

v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; sp=quarantine;

Here, v=DMARC1 specifies the DMARC version, p=reject indicates the policy to reject unauthenticated emails, and rua=mailto:dmarc-reports@example.com is the address for receiving reports.

The Importance of Using DMARC, SPF, and DKIM Together

While SPF, DKIM, and DMARC each provide unique security benefits, they are most effective when used together. Here’s why implementing all three protocols is essential:

• Enhanced Security: Combining SPF, DKIM, and DMARC creates a robust defence against email spoofing and phishing. Each protocol addresses different aspects of email authentication, and together they ensure that emails come from legitimate sources and have not been tampered with.
• Improved Email Deliverability: Using these protocols reduces the chance of legitimate emails being flagged as spam, as they help establish the domain’s reputation and improve its trustworthiness among mail servers.
• Visibility and Control: DMARC’s reporting feature provides valuable insights into the source of potential attacks and helps domain owners adjust their policies to ensure both security and deliverability.

Conclusion

SPF, DKIM, and DMARC are critical protocols for securing email communications. SPF authorises specific servers to send emails, DKIM confirms the authenticity and integrity of email content, and DMARC enforces policies to manage unauthorised emails while providing detailed reporting. Together, they enhance email security, boost deliverability, and give organisations better control over their domains, making them an essential component of any modern email security strategy.

With these measures in place, organisations can more effectively protect themselves from phishing, spoofing, and other email-based attacks, ensuring safer digital communications for everyone.

Disclaimer: DNS Records Configuration

The configuration of DNS (Domain Name System) records is a critical aspect of managing and maintaining the functionality of your domain and associated services (e.g., email, website hosting, and other online services). Please be aware that incorrectly configuring DNS records can result in significant issues, including, but not limited to:

1. Website and Service Downtime: Incorrect DNS entries can lead to your website and associated services becoming unavailable, resulting in potential business disruption and customer dissatisfaction.
2. Email Failures: Misconfigured MX (Mail Exchange) records or other related DNS settings can cause email services to fail, leading to undelivered or lost communications.
3. Security Risks: Incorrect DNS configurations can unintentionally expose your domain to spoofing, phishing, or other security vulnerabilities.
4. Delayed Changes: DNS changes typically propagate globally within 24-48 hours, meaning any incorrect settings could affect your services for an extended period before they can be corrected.

Disclaimer Statement: This information is provided for general informational purposes only and does not constitute professional advice. While we strive to ensure accuracy, we accept no responsibility for any issues arising from misconfigured DNS settings. It is highly recommended that you seek professional guidance or consult with experienced IT specialists when modifying DNS records to ensure the accuracy and security of your domain configurations.

Always double-check and backup existing DNS settings before making any modification.

At Your Tech People, we provide proactive IT support designed to optimise your business operations and minimise downtime.