How do SPF, DKIM, and DMARC work together?
DMARC is an anti-spoofing framework that relies on two other email authentication mechanisms, SPF and DKIM. DMARC compliance requires at least one of these mechanisms to pass.
Sender Policy Framework (SPF) is a mechanism that allows the owner of a domain to specify which mail servers are authorized to send email on its behalf. When a mail server receives an email, it looks up the SPF record for the sender’s domain, taking the domain from the return-path (envelope sender) address. If the IP address of the server that delivered the email isn’t listed in the SPF record for that domain, it’s likely that the message is spam.
DomainKeys Identified Mail (DKIM) adds another layer of security by attaching a digital signature that lets a receiver verify that the message was not altered in transit. The sending server hashes a chosen set of header fields together with the body and signs that hash with a private key held on the sender’s mail server. Receiving servers then verify the signature with the public key published in your domain’s DNS records. If verification succeeds, they know your message hasn’t been tampered with and was signed by the holder of your domain’s key.
Requirements for deploying SPF, DKIM and DMARC:
- Access to your public DNS
- An outbound DKIM signing option on your email gateway
- Admin panel access to your email gateway
When an email you send is received by the recipient’s mail server, that server performs several DNS queries against your domain. These cover the following:
SPF authentication: Basically, SPF (Sender Policy Framework) is a way of telling the world “this email originates from an IP address that the domain owner has authorized to send it”. Each domain owner (the person or organization that registered the domain) can specify one or more IP addresses from which mail for that domain may be sent. That way, anyone who receives mail claiming to come from that domain can check that it really did come from an approved source.
The domain owner publishes a TXT record in DNS listing those IP addresses in a specific format. Anyone receiving a message can then look up the SPF record for the sender’s domain, check whether the IP address of the server that delivered the message is on the list, and mark the message as spam if it isn’t. That’s about all there is to it!
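As an added illustration of the SPF lookup just described (and of the Sender Policy Framework paragraph earlier on this page), here is a small evaluator written for this page rather than taken from the original article. It keys the lookup on the return-path domain and walks the record’s mechanisms in order. The TXT records are a constructed in-memory table standing in for real DNS, the domains and addresses in it are made up, and only the ip4, ip6, include and all mechanisms are implemented.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (assumption: a real verifier would
# query DNS; these records and domains exist only for this example).
FAKE_TXT_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.25 ip6:2001:db8::/32 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def return_path_domain(return_path):
    """Domain the SPF lookup is keyed on: the part after '@' in the Return-Path."""
    return return_path.strip("<> ").rpartition("@")[2].lower()


def lookup_spf(domain):
    """Return the SPF TXT record for a domain, or None if it publishes none."""
    return FAKE_TXT_RECORDS.get(domain.lower())


def check_spf(sender_ip, domain, depth=0):
    """Evaluate the connecting server's IP against the domain's SPF record.

    Returns "pass", "fail", "softfail", "neutral", "none" or "permerror".
    Only ip4, ip6, include and all are implemented; a full evaluator also
    handles a, mx, exists, redirect= and RFC 7208's 10-lookup limit.
    """
    if depth > 10:                      # guard against include: loops
        return "permerror"
    record = lookup_spf(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"                 # an unqualified mechanism means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name in ("ip4", "ip6"):
            try:
                # "ip in network" is False when the IP versions differ
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            # include: matches only if the referenced domain's record yields "pass"
            matched = check_spf(sender_ip, arg, depth + 1) == "pass"
        elif name == "all":
            matched = True
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                    # nothing matched and no "all" term


if __name__ == "__main__":
    domain = return_path_domain("<bounce@example.com>")
    for ip in ("192.0.2.10", "198.51.100.25", "2001:db8::1", "203.0.113.5"):
        print(ip, "->", check_spf(ip, domain))
```

The last address in the demo matches nothing and falls through to the record’s `-all`, which is the hard fail a receiver uses to reject or junk the message; the `~all` on the included domain only produces a softfail, which most receivers treat as a weak signal rather than a rejection.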
DKIM authentication: DKIM authentication lets email senders digitally sign their emails. This digital signature helps email receivers (like Gmail) verify the identity of the sender and make sure the message wasn’t tampered with during transit. If a message passes DKIM authentication, you’ll see a “signed by” line under the sender’s address in your Gmail inbox.
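To show the tamper check that DKIM gives a receiver (the point of both DKIM paragraphs on this page), here is an added example, not code from the original article. A verifier’s first step is to recompute the body hash and compare it with the signature’s bh= tag; only if that matches does it go on to check the public-key signature over the headers. The canonicalization is DKIM’s “simple” body form, the header value is constructed, and its b= value is a placeholder because producing a real one needs the signing key and an RSA library outside Python’s standard library.

```python
import base64
import hashlib


def canonicalize_body_simple(body):
    """DKIM 'simple' body canonicalization (RFC 6376, section 3.4.3):
    use CRLF line endings and collapse trailing empty lines to a single CRLF."""
    text = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while text.endswith("\r\n\r\n"):
        text = text[:-2]
    if not text.endswith("\r\n"):       # an empty body canonicalizes to one CRLF
        text += "\r\n"
    return text


def body_hash(body):
    """Compute the bh= tag value: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canonicalize_body_simple(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_dkim_signature(header_value):
    """Split a DKIM-Signature header into its tag=value pairs.
    Folding whitespace inside values (common in b= and bh=) is removed."""
    tags = {}
    for item in header_value.split(";"):
        key, _, value = item.strip().partition("=")
        if key:
            tags[key.strip()] = "".join(value.split())
    return tags


def body_hash_matches(body, signature_header):
    """Verifier's first check: does the received body still hash to the signed bh=?
    A mismatch means the body changed after signing; a real verifier stops here
    and never reaches the public-key check on the header hash."""
    return parse_dkim_signature(signature_header).get("bh") == body_hash(body)


if __name__ == "__main__":
    original = "Hello, the report is attached.\n"
    # Constructed header for the demo; b= is a placeholder, not a real signature.
    header = ("v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel1; "
              "h=from:to:subject; bh=" + body_hash(original) + "; b=PLACEHOLDER")
    print("untouched body:", body_hash_matches(original, header))
    print("modified body :", body_hash_matches("Hello, the report is linked.\n", header))
```

Because the hash covers the canonicalized body, adding or removing blank lines at the end does not break the signature, but changing a single character anywhere else does.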
DMARC alignment and policy: After SPF and DKIM have been evaluated, DMARC performs an alignment check: the domain in the visible From: header must match the domain SPF authenticated (the return-path domain) or the domain DKIM signed for (its d= tag). Based on these results, the published DMARC policy is applied. DMARC provides a way for domain owners to proactively protect their domain from unauthorized use, and more generally to protect their users from receiving fraudulent email.
The DMARC specification defines how a receiving mail server uses the published SPF and DKIM records to determine whether an email message is authenticated. DMARC also provides a reporting mechanism for the actions taken under those policies, so that senders learn the disposition of messages that claimed to come from their domains.
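The alignment and policy step described in the two paragraphs above, as an added worked example (written for this page, not taken from the original article). It assumes the receiver has already fetched the domain’s DMARC TXT record and has the SPF and DKIM results in hand, uses the last two DNS labels as the organizational domain (a simplification standing in for the Public Suffix List), and leaves out the pct= tag and the fallback lookup at the organizational domain. The record and domains are constructed.

```python
def organizational_domain(domain):
    """Simplified organizational domain: the last two labels.
    Assumption for this example only; a real implementation consults the
    Public Suffix List so that 'mail.example.co.uk' maps to 'example.co.uk'."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(header_from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any domain with the same organizational domain."""
    a, b = header_from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return a == b
    return organizational_domain(a) == organizational_domain(b)


def parse_dmarc_record(txt):
    """Parse 'v=DMARC1; p=...; ...' into a dict of tags."""
    tags = {}
    for item in txt.split(";"):
        key, _, value = item.strip().partition("=")
        if key:
            tags[key.strip()] = value.strip()
    return tags


def evaluate_dmarc(header_from_domain, dmarc_txt,
                   spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_result, disposition).

    DMARC passes when SPF passed for a domain aligned with From:, or DKIM
    passed with an aligned d= domain. Otherwise the published policy is the
    disposition: p=, or sp= for a subdomain when the record has one.
    """
    record = parse_dmarc_record(dmarc_txt)
    if record.get("v") != "DMARC1":
        return "none", "none"           # no usable policy; the receiver decides alone
    spf_ok = spf_result == "pass" and aligned(
        header_from_domain, spf_domain, record.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(
        header_from_domain, dkim_domain, record.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "none"
    policy = record.get("p", "none")
    is_subdomain = header_from_domain.lower() != organizational_domain(header_from_domain)
    if is_subdomain and "sp" in record:
        policy = record["sp"]
    return "fail", policy


if __name__ == "__main__":
    rec = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
    # Legitimate mail: SPF passed for a bounce subdomain; relaxed aspf accepts it
    print(evaluate_dmarc("example.com", rec, "pass", "bounce.example.com", "none", ""))
    # Forged From: SPF passed, but for an unrelated return-path domain, so no alignment
    print(evaluate_dmarc("example.com", rec, "pass", "unrelated.example", "none", ""))
```

The second demo call is the case alignment exists for: a message can legitimately pass SPF for whatever domain is in its return path, yet still fail DMARC because that domain has nothing to do with the From: address the user sees.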
Periodically, receiving mail servers send the domain owner aggregate reports about the mail they have seen claiming to come from that domain. These reports include details such as the date range covered, the IP addresses involved, message counts, the authentication results, and a number of other factors. After the recipient’s mail server has performed the queries, completed the authentication checks, and applied the relevant action to the email (whether to accept it, mark it as spam or reject it), it sends an aggregate report back to the reporting address the domain owner published in its DMARC record.
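To make the reporting loop concrete, here is an added example of reading one of those aggregate reports; it is not code from the original article. Receivers mail the reports as XML (usually compressed) to the address in the record’s rua= tag, and this parser, using only the standard library, groups the message counts by source IP and flags sources that never pass. The report below is constructed for the example, with made-up IPs, counts and organisation names.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a DMARC aggregate report (the XML a receiver mails to
# the rua= address); every value in it is made up for this example.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>12345</report_id>
    <date_range><begin>1700000000</begin><end>1700086399</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf>
    <p>quarantine</p><sp>none</sp><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>40</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>203.0.113.7</source_ip><count>12</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>unrelated.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def summarize_report(xml_text):
    """Return (policy_published, per-source summary).

    The per-source summary maps each source IP to how many messages passed
    DMARC (aligned DKIM or SPF pass in policy_evaluated), how many failed, and
    which dispositions the receiver applied.
    """
    root = ET.fromstring(xml_text)
    policy = {child.tag: child.text for child in root.find("policy_published")}
    summary = {}
    for record in root.findall("record"):
        row = record.find("row")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        # policy_evaluated holds the *aligned* results, which is what DMARC scores on
        dmarc_pass = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        entry = summary.setdefault(ip, {"pass": 0, "fail": 0, "dispositions": set()})
        entry["pass" if dmarc_pass else "fail"] += count
        entry["dispositions"].add(evaluated.findtext("disposition"))
    return policy, summary


def suspicious_sources(summary):
    """Source IPs that only ever failed DMARC for this domain: either a forgotten
    legitimate sender that needs SPF/DKIM set up, or someone else using the
    domain, in which case the policy is doing its job."""
    return sorted(ip for ip, entry in summary.items() if entry["fail"] and not entry["pass"])


if __name__ == "__main__":
    policy, summary = summarize_report(SAMPLE_REPORT)
    print("published policy:", policy["p"], "for", policy["domain"])
    for ip, entry in summary.items():
        print(ip, "pass =", entry["pass"], "fail =", entry["fail"], sorted(entry["dispositions"]))
    print("never-passing sources:", suspicious_sources(summary))
```

In the second record the raw SPF result is a pass, yet the evaluated SPF is a fail: the return-path domain was not aligned with the From: domain, which is exactly the distinction the alignment step above draws. Reading reports this way, before moving a policy from none to quarantine or reject, is how a domain owner finds legitimate senders that would otherwise be blocked.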
Source: https://medium.com/@aariyagoel5621/how-do-spf-dkim-and-dmarc-work-together-e20c8f22cce0