07 Jan 2021


When setting up an email client you must have come across the terms SPF, DKIM, DMARC, and RDNS, but might not know what they are.

These are security frameworks that protect you and your business from spam emails, malicious links, and phishing links. This protection is necessary nowadays with the growing number of cyber-attacks.

Take a look at how each authentication service protects you and your business from such spam.

Sender Policy Framework (SPF)

Sender Policy Framework is a Domain Name System record that specifies the address of the email sender. It is used to detect forged email addresses during email delivery. Simply put, SPF is like the return address on the back of a letter that tells the recipient who the sender is. It informs the receiving server of the sender, and the server then decides whether the mail should be forwarded to the user or not.

SPF allows the receiving mail server to analyze whether the email is coming from an authorized IP address or not. This list of authorized IP addresses and sending hosts is published in the Domain Name System (DNS) record. SPF records are usually shorter than or equal to 255 characters.

Parts of an SPF Record

An SPF record is a simple string of characters created by the domain administrator that can be added to the DNS record. An SPF record can be divided into the following parts:

• Version: It specifies the version of SPF being used

• IP: The next part of the SPF record specifies the IP addresses (IPv4 or IPv6) that are authorized to send email

• Third-party domain: Includes any third-party domain that is authorized to send email

• “All” tag: The SPF record contains an ending “all” tag that indicates the policy to be applied when the email request is received from a server that is not part of our SPF record.
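
The four parts listed above can be read straight out of a record and used to judge a sending IP. The following Python sketch is an added example, not code from the original article; the record, the addresses and the function names are constructed for illustration, and `include:` is only listed rather than resolved because that requires a DNS lookup.

```python
import ipaddress

# Constructed sample record using documentation IP ranges (not a real domain).
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mailer.example -all"

# The character in front of a mechanism decides the result when it matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into IP networks, includes and the 'all' policy."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    parsed = {"networks": [], "includes": [], "all": None}
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            parsed["networks"].append((QUALIFIERS[qualifier], network))
        elif name == "include":
            parsed["includes"].append(value)
        elif name == "all":
            parsed["all"] = QUALIFIERS[qualifier]
            break  # "all" matches everything, so later terms are never tested
    return parsed


def check_ip(record, sender_ip):
    """Evaluate ip4/ip6 and 'all' only; include: needs DNS and is skipped."""
    parsed = parse_spf(record)
    ip = ipaddress.ip_address(sender_ip)
    for result, network in parsed["networks"]:
        if ip.version == network.version and ip in network:
            return result
    # No IP mechanism matched: the "all" tag decides, neutral if it is absent.
    return parsed["all"] or "neutral"
```

With `-all` an unlisted server gets `fail`, while `~all` yields `softfail`, which receivers usually accept but mark as suspicious.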

DomainKeys Identified Mail (DKIM)

DKIM is an email authentication technique that allows the receiver to verify whether the email was actually sent by the owner of that domain. It detects forged sender addresses and can hence identify spam and phishing emails.

Using DKIM is like sending a message via certified mail; it builds trust and ensures that the email actually is sent by the real authorized owner.

DKIM uses an encryption algorithm that creates two keys: a private key and a public key. The private key remains on the server where it was created, whereas the public key is placed in the DNS record.

Parts of DKIM Record

A DKIM record usually consists of the following parts:

• S: It is the selector created by the sender that specifies the record name to find the public key in DNS

• D: It specifies the domain used by the sender and together with the selector, helps in locating the public key

• P: It is the public key which is a character string consisting of random characters, numbers, and special characters.
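
How the selector and domain locate the public key can be shown in a few lines of Python. This is an added example, not code from the original article: the signature fragment, the selector `mail2021` and the key bytes are constructed. It assumes the standard DKIM layout, in which `s=` and `d=` travel in the message's DKIM-Signature header and `p=` sits in the TXT record at `<selector>._domainkey.<domain>`.

```python
import base64
import binascii

# Constructed samples: a DKIM-Signature fragment and a key record whose
# "key" is just placeholder bytes, not a usable RSA key.
SAMPLE_SIGNATURE = "v=1; a=rsa-sha256; d=example.com; s=mail2021; h=from:subject"
SAMPLE_KEY_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(
    b"constructed-public-key-bytes").decode()


def parse_tags(text):
    """Parse a 'tag=value; tag=value' list (header or DNS key record)."""
    tags = {}
    for part in text.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Values may be folded across lines, so drop embedded whitespace.
            tags[name.strip()] = "".join(value.split())
    return tags


def key_query_name(signature_header):
    """Build the DNS name a receiver queries for the signer's public key."""
    tags = parse_tags(signature_header)
    if "s" not in tags or "d" not in tags:
        raise ValueError("DKIM-Signature needs both s= and d=")
    return f"{tags['s']}._domainkey.{tags['d']}"


def inspect_key_record(txt_record):
    """Return (status, key_bytes) describing the p= tag of a key record."""
    tags = parse_tags(txt_record)
    if tags.get("v", "DKIM1") != "DKIM1":
        return ("invalid-version", None)
    if "p" not in tags:
        return ("missing-key", None)
    if tags["p"] == "":
        return ("revoked", None)  # an empty p= marks a revoked key
    try:
        key = base64.b64decode(tags["p"], validate=True)
    except binascii.Error:
        return ("malformed-key", None)
    return ("ok", key)
```

A `revoked` or `malformed-key` status means signatures made with that selector cannot verify, which is worth checking after a key rotation.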

Domain-Based Message Authentication Reporting and Conformance (DMARC)

DMARC is an email authentication policy that works together with SPF and DKIM. The main purpose of DMARC is to:

● Verify the sender’s message is protected by SPF and DKIM

● Guide the server if neither of these authentication methods is present

● Provide a way for the server to report back to the sender regarding the result of the DMARC test

DMARC ensures that the domain is protected from phishing emails, scams, cyber-attacks, and compromise attacks. When an email is received, DMARC ensures that the information contained in the address portion of the header and the sender information that the user sees match the specified domain in the “friendly-from”.

Parts of DMARC record

A DMARC record contains various tags, but only two of them are necessary while the rest are optional.

1. V: This is the version tag and is present at the beginning of the DMARC record

2. P: This is the policy tag that dictates the policy to be applied in case an incoming email fails the DMARC test.

Some additional tags can also be part of the DMARC record:

● PCT: Indicates the percentage of suspicious messages that the DMARC policy applies to

● Rua: This tag specifies the address where aggregate reports are to be submitted. These reports can be used to identify malicious activity and potentially harmful emails.

● Fo: This tag informs the server that messages that failed to pass SPF and/or DKIM should be returned to the sender.
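
The tags above combine into a decision for each incoming message. The Python sketch below is an added example, not code from the original article; the record, domains and function names are constructed. It assumes strict (exact-match) alignment between the From domain and the domain that passed SPF or DKIM, because relaxed alignment needs a public suffix list, and it takes the receiver's random `pct` draw as a parameter so the outcome is repeatable.

```python
# Constructed sample record; example.com is a reserved documentation domain.
SAMPLE_DMARC = "v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc-reports@example.com; fo=1"

# Policy applied to failing messages that fall outside the pct sample (RFC 7489).
NEXT_LOWER = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(record):
    """Parse a DMARC TXT record, enforcing the two required tags v and p."""
    pairs = [part.split("=", 1) for part in record.split(";") if "=" in part]
    tags = [(name.strip().lower(), value.strip()) for name, value in pairs]
    if not tags or tags[0] != ("v", "DMARC1"):
        raise ValueError("v=DMARC1 must be the first tag")
    policy = dict(tags)
    if policy.get("p") not in NEXT_LOWER:
        raise ValueError("p= must be none, quarantine or reject")
    policy["pct"] = int(policy.get("pct", 100))  # pct defaults to 100
    policy["rua"] = [uri.strip() for uri in policy.get("rua", "").split(",")
                     if uri.strip()]
    return policy


def evaluate(record, header_from, spf_domain=None, dkim_domain=None, sample=0):
    """Return 'pass' or the action (none/quarantine/reject) for one message.

    spf_domain / dkim_domain: the domain that passed SPF / DKIM, or None if
    that check failed. sample: 0-99, stands in for the receiver's random draw.
    """
    policy = parse_dmarc(record)
    authenticated = {d.lower() for d in (spf_domain, dkim_domain) if d}
    if header_from.lower() in authenticated:  # strict alignment: exact match
        return "pass"
    if sample >= policy["pct"]:
        # Outside the sampled percentage: apply the next less strict policy.
        return NEXT_LOWER[policy["p"]]
    return policy["p"]
```

Note that a message whose SPF check passes for a different domain than the visible From address still fails here, which is the spoofing case DMARC is meant to catch.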

Reverse DNS (RDNS)

RDNS does the opposite of DNS. The DNS resolves domain names into their associated IP addresses while a reverse DNS takes the IP address of the incoming message and finds out its domain name. If the domain name is present in the DNS database, the message is allowed to pass. If no valid result is found, the message is blocked. It serves as a spam filter by keeping all the unwanted emails out.

Why SPF, DKIM, DMARC are important

Email spamming has always been an issue and every year thousands of people suffer due to malicious links and phishing links sent via email. In 2013, roughly 1 billion business emails were sent and received every day. Out of these emails, only 20% were legitimate and the rest were spam with 92% of them having links to malicious and phishing sites.

Thanks to the authentication techniques available now, most spam emails are filtered, saving us from any kind of harm.

These authentication techniques save you from:

● Unwanted spam mail

● Malicious links that can potentially harm your device

● Phishing links that can trick you into losing your money

● Any other kind of cyber scam that can potentially harm you

Whether you’re new to business or a veteran, you need these authentications to protect yourself and your business. Setting them up might seem tedious but the benefits are worth your time!

