Just like real-world criminals, online thieves can use impersonation to gain our confidence in order to steal important information, get access to a system, steal private data or spread malware. This practice is called spoofing, and it is an important reason for email protection and authentication methods.
Spoofing is a general term that can include email spoofing, text message spoofing, caller ID spoofing, URL spoofing, and others.
In this post, we want to expand on three measures to protect our email against spoofing that are increasing in importance: SPF, DKIM, and DMARC.
The three main email security protocols complement one another, so implementing them all provides the best protection. Put simply, SPF, DKIM and DMARC are ways to authenticate your mail server and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorized to send the email.
When properly set up, all three prove that the sender is legitimate, that their identity has not been compromised and that they’re not sending email on behalf of someone else. These antispam measures are becoming increasingly important, and may one day be required by all mail services and servers.
Sender Policy Framework (SPF) hardens your DNS servers and restricts who can send emails from your domain. It isn’t about stopping spam; SPF enables you to identify your domain’s legitimate mail sources and prevents unauthorized sources from sending illicit emails from your domain.
SPF has three major elements: a policy framework, as its name implies; an authentication method; and specialized headers in the actual email itself that convey this information.
SPF is configured as a DNS TXT record that specifies which IP addresses and/or servers are allowed to send email from a particular domain.
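To show what a receiving server does with such a record, here is an offline evaluation sketch added for illustration (not code from the original post). The record, domain names and addresses are constructed samples, and "unresolved" is a label chosen for this example (not an SPF result) for terms that would need a DNS lookup.

```python
import ipaddress

# Constructed sample: documentation address ranges, made-up include target.
SAMPLE_SPF = ("v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 "
              "ip6:2001:db8::/32 include:_spf.mailer.example -all")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NEEDS_DNS = {"include", "a", "mx", "exists", "ptr"}

def check_spf(record, sender_ip):
    """Return (result, term), evaluating mechanisms left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)              # not an SPF record
    try:
        addr = ipaddress.ip_address(sender_ip)
    except ValueError:
        return ("permerror", sender_ip)
    redirect = None
    for term in terms[1:]:
        if "=" in term.partition(":")[0]:  # modifier (redirect=, exp=)
            if term.lower().startswith("redirect="):
                redirect = term
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = body.partition(":")
        name = name.split("/")[0].lower()
        if name == "all":
            return (QUALIFIERS[qualifier], term)
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return ("permerror", term)
            if net.version != int(name[2]):
                return ("permerror", term)
            if addr in net:                # always False across IP versions
                return (QUALIFIERS[qualifier], term)
        elif name in NEEDS_DNS:
            # Cannot decide offline; stop rather than fall through to "all".
            return ("unresolved", term)
        else:
            return ("permerror", term)     # unknown mechanism
    # No match: a redirect needs DNS, otherwise the default is neutral.
    return ("unresolved", redirect) if redirect else ("neutral", None)
```

The first matching term decides the outcome, which is why the order of mechanisms in the record and the qualifier on the final `all` matter.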
DomainKeys Identified Mail (DKIM), also known as “email signing”, ensures that the content of your emails remains trusted and hasn’t been modified or compromised. It was initially proposed in 2007 and has been updated several times. “Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication,” according to dkim.org.
DKIM relies on private-public key encryption, familiar to all IT admins, to create a pair of electronic keys that handle this “trust”. Public and private keys are mathematically linked to one another, making secure communications possible. The private key remains on the server where it was created, your mail server. The public key is added to the DNS in a TXT record.
Each outgoing Simple Mail Transfer Protocol (SMTP) server needs the right private key and prefix to match a public DNS record that the receiving mail server verifies.