
Email Security - SPF, DKIM and DMARC

SPF, DKIM and DMARC are authentication methods used in email security to prevent spoofing and phishing. SPF uses DNS to verify sending mail servers, DKIM digitally signs emails using public key cryptography, and DMARC tells recipients what to do with emails based on SPF and DKIM results. SPF operates at the domain level to check if emails originate from authorized IP addresses, while DKIM signs individual emails with private keys and allows validation with public keys. DMARC policies enforce actions for emails that fail SPF or DKIM authentication checks.

SPF, DKIM and DMARC Explained



Definition and Overview
• SPF, DKIM and DMARC are authentication methods used in email security.
• They help prevent spam, spoofing, phishing and impersonation of legitimate domains by unauthorized persons.
• SPF is Sender Policy Framework. It lists all the tags (IP addresses and domain names) associated with the email servers from which email for a domain could originate.
• DKIM is DomainKeys Identified Mail, the technique used to digitally sign email from the legitimate domain. DKIM uses public key cryptography to create the signature.
• DMARC is Domain-based Message Authentication, Reporting and Conformance, which tells the recipient email server what to do based on SPF and DKIM results.
SPF – Sender Policy Framework
• TXT (text) record based authentication that mail servers use to identify whether the mail originated from authorized IP addresses.
• SPF operates at the domain level, not the user level, so SPF can only verify the domain, not the user who sends the email.
• The SPF record needs to be updated in the domain's DNS server.
• The recipient email server queries the sender's DNS server and verifies the SPF record to ensure the email originates from one of the domain's IP addresses or domain names.
• If the check passes – the email will be delivered to the recipient user by the recipient email server
• If the check fails – the email will be sent to spam, quarantined or deleted, based on the recipient email server configuration
How the SPF record works:
1. Establish or create policy
1. Define which hosts/email servers have authority to send emails
2. DNS Lookup
1. Inbound server checks if the IP address or domain is authorised
3. Authentication
1. Mail server accepts, flags or rejects the email
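The three steps above can be followed in code. This is an added example, not part of the original document: a small SPF evaluator in which a dictionary stands in for the DNS lookup, the domains and addresses are constructed documentation values, and only the `ip4`, `ip6`, `include` and `all` terms are handled.

```python
import ipaddress

# Constructed DNS TXT data (documentation domains and address ranges, not real records).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_ip, domain, depth=0):
    """Return the SPF result for sender_ip against domain's published policy."""
    if depth > 10:  # simple recursion guard against include loops
        return "permerror"
    record = DNS_TXT.get(domain)  # step 2: DNS lookup (here a dict, an assumption)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:  # mechanisms are evaluated left to right
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":  # matches every sender; usually the last term
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            inner = check_spf(sender_ip, value, depth + 1)
            if inner == "pass":  # include matches only on a nested pass
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            raise NotImplementedError(f"term not handled in this example: {term}")
    return "neutral"  # no mechanism matched and no "all" term present

if __name__ == "__main__":
    for addr in ("192.0.2.55", "198.51.100.10", "203.0.113.9"):
        print(addr, check_spf(addr, "example.com"))
```

The returned result is what step 3 acts on: the receiving server accepts on `pass`, typically flags on `softfail`, and rejects or quarantines on `fail`, according to its own configuration.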
How SPF works:
DKIM – DomainKeys Identified Mail
• DKIM signs emails using a private key – digital signature.
• DKIM uses public key cryptography.
• Sender email server – should have the private key
• DNS server – should have the public key
• The sender email server signs the email with its private key, and the recipient email server reaches the sender's DNS server and retrieves the public key associated with that private key.
• If the signature verifies with the public key (the key pair matches) – DKIM pass
• If the signature does not verify (the key pair does not match) – DKIM fail
DKIM – How it works
DMARC – Domain-based Message Authentication, Reporting and Conformance
