Securing Your Email – What the hell is SPF, DKIM, and DMARC?
TLDR: Protect your email with SPF, DKIM and DMARC
SPF: “Did this email really come from who it says? Let’s check the approved sender list.”
DKIM: “This email looks legit because the digital signature checks out.”
DMARC: “Hold on, this email’s a bit sketchy. Here’s what to do with it.”
Secure your email
Phishing scams, spam, and email spoofing are unfortunately very common, and with the rise of LLM AI, fraud attacks will become ever more difficult to protect against. However, three key mechanisms, SPF, DKIM, and DMARC, can greatly enhance email security when implemented properly. Don’t be put off by the names: they are actually quite straightforward once you get to grips with them. Let’s dive into what they are and why they matter.
SPF (Sender Policy Framework)
SPF is a DNS record (a TXT record published on your domain) that specifies which mail servers are allowed to send email on behalf of your domain. In essence, it tells the world, “These are the servers I will send from. If an email claims to be from me but comes from somewhere else, it’s likely fake.”
When an email is received, the receiving server checks the SPF record of the sending domain. If the email originated from a server not listed in the SPF record, it’s treated as suspicious and may be flagged as spam or rejected outright.
This helps to protect you from bad actors pretending to send an email from your organisation.
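The check described above, written out as an added example (it is not code from the original post). One detail worth knowing when you read your own record: the receiving server evaluates SPF against the envelope sender (the MAIL FROM / Return-Path domain), not against the From: header the recipient sees. The zone dictionary is a constructed, in-memory stand-in for the DNS TXT lookups a real evaluator makes, and the domains and IP addresses are documentation-only values; it handles ip4, ip6, include and all, and enforces the 10-lookup limit that catches self-referencing or bloated records.

```python
"""Evaluate an SPF record for a connecting IP address, entirely offline.

Added example, not code from the original post. SPF is evaluated against
the MAIL FROM (envelope / Return-Path) domain, not the From: header a
reader sees. The zone below is a constructed in-memory stand-in for the
DNS TXT lookups a real evaluator makes; domains and addresses are
documentation-only values (RFC 2606, RFC 5737, RFC 3849).
"""
import ipaddress

# Constructed zone: domain -> SPF TXT record (assumption: replaces real DNS).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 "
                   "include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
    "loop.example": "v=spf1 include:loop.example -all",  # self-referencing include
}

MAX_LOOKUPS = 10  # RFC 7208 s4.6.4: more than 10 DNS-querying terms -> permerror
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, client_ip: str, _lookups=None) -> str:
    """Return pass, fail, softfail, neutral, none or permerror for `domain`."""
    if _lookups is None:
        _lookups = [0]  # shared counter across include: recursion
    record = ZONE.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        if "=" in term:
            if term.startswith("redirect="):
                return "permerror"  # needs another lookup; not implemented here
            continue  # exp= and unknown modifiers are ignored (RFC 7208 s6)
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address is a permanent error
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif mech == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"  # too many lookups (loops or bloated records)
            sub = check_spf(arg, client_ip, _lookups)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"  # RFC 7208 s5.2: include of a missing record
            # fail/softfail/neutral inside an include simply do not match
        else:
            # a, mx, ptr, exists need DNS and are out of scope for this example
            return "permerror"
    return "neutral"  # ran off the end without an 'all' term


if __name__ == "__main__":
    for dom, ip in [("example.com", "192.0.2.55"), ("example.com", "198.51.100.10"),
                    ("example.com", "203.0.113.9"), ("loop.example", "192.0.2.1")]:
        print(f"{dom:18} {ip:16} -> {check_spf(dom, ip)}")
```

The third case is the one to watch in practice: a server that is neither in your record nor in anything you include gets `-all`, so the message is a hard fail, while the same IP would only get a softfail from `mail.example.net` on its own because that record ends in `~all`.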
DKIM (DomainKeys Identified Mail)
DKIM is a method of email authentication that uses cryptographic signatures to verify that an email hasn’t been altered in transit. It’s like a digital signature that says, “This is my signature. If it’s not on the email, it probably didn’t come from my server.”
When an email is sent, the sending server generates a unique DKIM signature and adds it to the email headers. The receiving server can then use the public key published in the sending domain’s DNS to verify the signature. If the signature doesn’t match or is missing, the email is considered suspicious.
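To make the “hasn’t been altered in transit” part concrete, here is an added example (not code from the original post) that implements the piece of DKIM a verifier can check without any key material: the `bh=` body hash. The sender canonicalises the body (RFC 6376 “simple” or “relaxed”), hashes it with SHA-256 and records the result in the DKIM-Signature header; the receiver recomputes it and compares. The `b=` tag, which is the RSA signature over the canonicalised headers and is checked with the public key published at `<selector>._domainkey.<domain>`, is not computed here and carries a placeholder. The message, domain and selector are constructed.

```python
"""Check a message body against the DKIM body hash (bh= tag), offline.

Added example, not code from the original post. It implements the 'simple'
and 'relaxed' body canonicalisation of RFC 6376 and recomputes the SHA-256
body hash a verifier compares with bh=. The b= tag (the RSA signature over
the canonicalised headers, checked with the public key fetched from
<selector>._domainkey.<domain>) is not computed here; the message, domain
and selector below are constructed, and b= carries a placeholder.
"""
import base64
import hashlib
import re


def canonicalize_body(body: bytes, method: str = "relaxed") -> bytes:
    """RFC 6376 s3.4.3 (simple) / s3.4.4 (relaxed) body canonicalisation."""
    lines = body.split(b"\r\n")
    if method == "relaxed":
        # strip trailing whitespace, collapse runs of SP/TAB to one SP
        lines = [re.sub(rb"[ \t]+", b" ", ln.rstrip(b" \t")) for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # drop empty lines at the end of the body
    if not lines:
        return b"" if method == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, method: str = "relaxed") -> str:
    digest = hashlib.sha256(canonicalize_body(body, method)).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_tags(value: str) -> dict:
    """Parse a tag=value list; whitespace inside values (from folding) is removed."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def split_message(raw: bytes):
    """Return ([(name, unfolded value), ...], body) for a CRLF-terminated message."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.decode("utf-8").split("\r\n"):
        if line[:1] in (" ", "\t") and headers:  # folded continuation line
            name, val = headers[-1]
            headers[-1] = (name, val + " " + line.strip())
        else:
            name, _, val = line.partition(":")
            headers.append((name.strip(), val.strip()))
    return headers, body


def make_dkim_header(body: bytes, domain: str = "example.com", selector: str = "s1",
                     c: str = "relaxed/relaxed") -> str:
    """Sender side: DKIM-Signature header with a real bh= (b= is a placeholder)."""
    body_method = c.split("/")[1] if "/" in c else "simple"
    return (f"DKIM-Signature: v=1; a=rsa-sha256; c={c}; d={domain}; s={selector};\r\n"
            f"\th=from:to:subject:date; bh={body_hash(body, body_method)};\r\n"
            f"\tb=PLACEHOLDER_NOT_A_REAL_SIGNATURE")


def build_message(body: bytes) -> bytes:
    """Constructed message from the (hypothetical) example.com accounts mailbox."""
    headers = ("From: Accounts <accounts@example.com>\r\n"
               "To: customer@example.net\r\n"
               "Subject: Invoice 1042\r\n"
               "Date: Mon, 01 Jan 2024 09:00:00 +0000\r\n"
               + make_dkim_header(body) + "\r\n")
    return headers.encode("utf-8") + b"\r\n" + body


def verify_body_hash(raw: bytes) -> bool:
    """Receiver side: does the body still hash to the bh= the signer recorded?"""
    headers, body = split_message(raw)
    sig = next((v for n, v in headers if n.lower() == "dkim-signature"), None)
    if sig is None:
        return False  # unsigned: the DKIM result would be 'none', not 'pass'
    tags = parse_tags(sig)
    c = tags.get("c", "simple/simple")
    body_method = c.split("/")[1] if "/" in c else "simple"
    return tags.get("bh") == body_hash(body, body_method)
```

Two things fall out of running this: changing a single word of the body breaks the hash, while trailing whitespace or extra blank lines added by an intermediate server do not under relaxed canonicalisation, which is why `c=relaxed/relaxed` is the usual choice for mail that passes through mailing lists or relays.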
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC builds upon SPF and DKIM. It’s a policy that tells receiving servers what to do if an email fails SPF or DKIM checks. In other words, “If you get mail that doesn’t match SPF or DKIM, here’s what I want you to do with it.”
DMARC policies can instruct receiving servers to deliver the email, quarantine it, or reject it outright. DMARC also provides a reporting mechanism, allowing domain owners to monitor email traffic and identify potential security issues.
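The policy decision described above, as an added example (not code from the original post). It applies a DMARC record to the SPF and DKIM results of one message, including the detail that trips most people up in practice: DMARC only passes when the identifier that passed SPF or DKIM is *aligned* with the From: domain, so a third-party relay that passes SPF for its own domain and signs with its own key still fails. The record and the authentication results are constructed inputs; `organizational_domain` uses a simplified “last two labels” rule where a real implementation consults the Public Suffix List, the record is assumed to be published at the organizational domain, and the `pct=` sampling tag is not modelled.

```python
"""Apply a DMARC record to the SPF and DKIM results of one message, offline.

Added example, not code from the original post. The record and the
authentication results are constructed inputs. `organizational_domain`
uses a simplified 'last two labels' rule; a real implementation consults
the Public Suffix List so that e.g. example.co.uk is handled correctly.
The record is assumed to have been published at the organizational domain,
and the pct= sampling tag is not modelled.
"""


def parse_dmarc(record: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a dict of tag -> value."""
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)
            tags[name.strip()] = val.strip()
    return tags


def organizational_domain(domain: str) -> str:
    # Simplification: real DMARC uses the Public Suffix List here.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """'s' (strict) needs an exact match; 'r' (relaxed, the default) accepts
    any domain sharing the From: domain's organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def dmarc_evaluate(record: str, from_domain: str, spf_result: str, spf_domain: str,
                   dkim_results: list) -> tuple:
    """Return (dmarc_result, disposition).

    spf_result/spf_domain: the SPF outcome and the MAIL FROM domain it was
    checked against. dkim_results: [(result, d= domain), ...], one entry per
    DKIM-Signature header. Disposition is one of deliver/quarantine/reject.
    """
    policy = parse_dmarc(record)
    if policy.get("v") != "DMARC1":
        return "none", "deliver"  # no usable record: DMARC does not apply

    # DMARC passes when at least one authenticated identifier is *aligned*
    # with the From: domain. SPF or DKIM passing for some other domain counts
    # for nothing, which is what stops a relay's own domain vouching for yours.
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = any(r == "pass" and aligned(d, from_domain, policy.get("adkim", "r"))
                  for r, d in dkim_results)
    if spf_ok or dkim_ok:
        return "pass", "deliver"

    # Failed: apply p= (or sp= for subdomains, when it is published)
    is_subdomain = from_domain.lower() != organizational_domain(from_domain)
    requested = policy.get("p", "none")
    if is_subdomain and "sp" in policy:
        requested = policy["sp"]
    disposition = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return "fail", disposition.get(requested, "deliver")


# Constructed record for example.com: strict DKIM alignment, relaxed SPF
# alignment, reject at the apex but only quarantine for subdomains.
RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
          "rua=mailto:dmarc-reports@example.com")

if __name__ == "__main__":
    cases = [
        ("own server, bounce subdomain", "example.com", "pass", "bounce.example.com", []),
        ("third-party relay signs as itself", "example.com", "pass", "relay.example.net",
         [("pass", "relay.example.net")]),
        ("signed by a subdomain under adkim=s", "example.com", "fail", "example.com",
         [("pass", "mail.example.com")]),
        ("unauthenticated mail from a subdomain", "news.example.com", "fail",
         "news.example.com", []),
    ]
    for label, *args in cases:
        print(f"{label:40} -> {dmarc_evaluate(RECORD, *args)}")
```

The usual rollout path maps directly onto the `p=` values: start at `p=none` so failures are only reported to the `rua=` address, fix whatever legitimate senders show up misaligned, then move to `quarantine` and finally `reject`.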
The Importance of SPF, DKIM, and DMARC
Without these mechanisms in place, your organization is more vulnerable to email spoofing and phishing attacks. Scammers can send emails that appear to come from your domain, tricking recipients into revealing sensitive information, downloading malware, or wiring money.
Implementing SPF and DKIM requires some technical setup, but the effort is well worth it. By properly configuring these protocols, you significantly reduce the risk of your domain being used for fraudulent purposes, protecting your organization’s reputation and your customers’ trust.
Moreover, many email providers now check for SPF, DKIM, and DMARC. Emails from domains without these records set up are more likely to be flagged as spam, meaning your legitimate emails may not reach their intended recipients.
In conclusion, SPF, DKIM, and DMARC are essential tools in the fight against email fraud. While they require some effort to implement, they provide a robust defence against many common email security threats. It’s worth checking whether you have these in place; if not, it’s well worth getting them set up.