Saturday, May 15, 2021

Email sender authentication

When we talk about authentication in email delivery, we usually mean SPF, DKIM and DMARC. Setting these fancy acronyms aside, authentication is basically about proving that the sender is the legitimate sender and that the email was not tampered with in transit.

SPF (Sender Policy Framework) verifies the email is coming from an authorized server. An SPF record is a DNS TXT record specifying which IPs or servers are allowed to send email from that domain.

DKIM (DomainKeys Identified Mail) proves that the email has not been changed in transit and that the sender owns the DKIM domain. DKIM also uses a DNS TXT record, and its signature builds trust between the sender and the receiver.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an added authentication method that uses both SPF and DKIM to verify whether or not an email was actually sent by the owner of the "From" domain. In order for DMARC to pass, both SPF and DKIM must pass, and at least one of them must be aligned. Gmail and Microsoft have adopted DMARC into their filtering methods for None, Quarantine, or Reject policies.
