SPF, DKIM and DMARC Explained

In this article we cover SPF, DKIM and DMARC records.

Introduction

When owning or using a domain, it is especially important that you have the SPF, DKIM and DMARC records set up to prevent email spoofing and fraud.

When these records are misconfigured or omitted, it is extremely easy for any malicious agent to send emails appearing to be from a brand domain identity.

This could result in a domain being blocked or could lead to brand customers being fraudulently misled.

It is essential for every domain to have SPF, DKIM and DMARC correctly configured, even if there is no intention to send emails from that domain.

Fairlady Law can assist in the setting up of SPF, DKIM and DMARC records. We can also closely monitor email activity and protect brand names against spoofing or damage to brand integrity.

Email Spoofing

Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a known or trusted person or entity.

If a domain fails to have SPF, DKIM and DMARC records configured correctly, spammers can easily send emails impersonating that domain’s identity.

Email spoofing works by exploiting human trust: the attacker can ask the recipient for sensitive information or pursue other fraudulent aims.

Spam emails are easily detectable by email hosts, such as Gmail or Microsoft.

If spoofing or phishing emails were sent out through their services, the owner domain could be blocked.

Once a domain has been blocked, it is almost impossible to reverse any negative impact on its authority.

Any emails sent out from a blocked domain would be either marked up as spam or blocked entirely.

This action is because almost 90% of all cybercrimes start with a spoofing email, of which there are over 3bn each day.

Do not leave your domain vulnerable to attack, ask Fairlady Law for assistance in getting your emails fully protected and configured with SPF, DKIM and DMARC records today!

SPF Record

SPF, or Sender Policy Framework, is a text record that is added to a domain’s DNS records.

Mail providers use SPF to detect and block email spoofing and unauthorized mail sent through any domain.

An SPF record allows the listing of IP addresses that are authorised to send mail through that domain.

It also instructs mail hosts on how to react to any non-compliant message.

There are four different types of qualifiers:

a) The first qualifier is a plus (+) sign; this is the default status. It tells the recipient email host to accept all emails. Clearly this is not an advisable status, as it leaves a domain wide open to spoofing.

b) The second qualifier is the dash (-) sign. This is the most secure option as it tells the recipient mail host to always reject mail that fails to match the authorised IP list declared in the SPF record.

c) The third qualifier is a tilde (~). This qualifier tells the email server provider to accept the email but mark it as suspicious (spam). (“Email DNS Master Course – SPF + DKIM + DMARC”)

d) The last qualifier means neither pass nor fail, so again it is not advised, as you are then relying upon other filters to detect spam attacks.

The SPF also contains a combination of mechanisms and directives.

This is where many IP addresses or domain names (servers) can be listed.

There are five different mechanisms (or ways) that these servers can be authorised:

1) Domain name (a:domain.com).

2) Another domain’s MX record (mx:otherdomain.com).

3) IP4 address or range (ip4:###.###.###.###).

4) IP6 address or range (ip6:<ip6 address>).

5) INCLUDE – which is to add a specific record for a remote mail provider.
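
How a receiving host applies these qualifiers and mechanisms, as an added example that is not part of the original article: terms are evaluated left to right and the first match decides the result. The record, the addresses and the `resolved` lookup table are constructed, and DNS-backed terms such as `include` are matched against pre-resolved networks instead of a live lookup, which simplifies how `include` is really evaluated.

```python
import ipaddress

# Qualifier symbol -> SPF result when a term matches (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def split_term(term):
    """Return (qualifier, mechanism name, value); '+' is implied if omitted."""
    qualifier = term[0] if term[0] in QUALIFIERS else "+"
    name, _, value = term.lstrip("+-~?").partition(":")
    return qualifier, name.lower(), value

def check_spf(record, sender_ip, resolved=None):
    """Evaluate terms left to right; the first matching term decides.

    resolved (an assumption of this example) maps a DNS-backed term such as
    include:... to networks looked up beforehand, so the code runs offline.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", None
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier, name, value = split_term(term)
        if "=" in name:                      # modifier (e.g. redirect=), skipped
            continue
        if name == "all":
            return QUALIFIERS[qualifier], term
        if name in ("ip4", "ip6"):
            networks = [value]
        else:
            networks = (resolved or {}).get(term.lstrip("+-~?"))
            if networks is None:             # a live DNS lookup would be needed
                return "temperror", term
        if any(ip in ipaddress.ip_network(n, strict=False) for n in networks):
            return QUALIFIERS[qualifier], term
    return "neutral", None                   # nothing matched and no "all" term

def audit_all(record):
    """Flag the catch-all settings the article advises against (+ and ?)."""
    for term in record.split()[1:]:
        qualifier, name, _ = split_term(term)
        if name == "all":
            return None if qualifier in "-~" else f"weak catch-all: {term}"
    return "no catch-all 'all' term"

# Constructed record and lookup data, using documentation address ranges.
RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.example.net -all"
RESOLVED = {"include:_spf.example.net": ["198.51.100.0/25"]}
```
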

What is DKIM?

DKIM is a lock-and-key authentication process used to make sure that messages are not altered in transit between the sending mail server and the receiving mail server.

The DKIM authentication process is amazingly simple.

In the first step, public and private keys are created, using either the RSA-SHA1 or the RSA-SHA256 signature algorithm.

The public key is then added to the DNS record and the private key is stored either on the domain server or with the mail service provider.

A DKIM signature is then added to every email that is sent, and this is validated by the receiving mail service.

If the DKIM signature is valid, then the email is delivered to the intended recipient.

If the validity process fails, then the email will be directed to the spam folder, or will fail completely, depending on the settings (as mentioned previously).
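
The part of this check that detects a body altered in transit, as an added example that is not part of the original article: the signer stores a hash of the body in the `bh=` tag of the DKIM-Signature header and the receiver recomputes it. The message, domain and selector are constructed, only the "simple" body canonicalization is handled, and the RSA signature over the headers (the `b=` tag) is left as a placeholder and not verified.

```python
import base64
import hashlib

# The two signature algorithms named above and the hash each one uses.
HASHES = {"rsa-sha1": hashlib.sha1, "rsa-sha256": hashlib.sha256}

def parse_tags(signature_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in signature_value.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(value.split())   # drop folding whitespace
    return tags

def simple_body(body):
    """'simple' body canonicalization: ignore empty lines at the end of the body."""
    return body.rstrip(b"\r\n") + b"\r\n"

def body_hash(body, algorithm="rsa-sha256"):
    """Signer side: the value that goes into the bh= tag."""
    digest = HASHES[algorithm](simple_body(body)).digest()
    return base64.b64encode(digest).decode("ascii")

def body_unaltered(signature_value, received_body):
    """Receiver side: recompute the body hash and compare it with bh=."""
    tags = parse_tags(signature_value)
    body_canon = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    if body_canon != "simple":
        raise ValueError("only 'simple' body canonicalization is handled here")
    return body_hash(received_body, tags["a"]) == tags["bh"]

# Constructed message body and header; the b= value (the RSA signature over the
# headers, which include bh=) is left as a placeholder.
BODY = b"Invoice 1042 is attached.\r\nRegards, Accounts\r\n"
SIGNATURE = ("v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel1;\r\n"
             " h=from:to:subject; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")
```
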

What is DMARC?

DMARC (Domain-based Message Authentication Reporting and Conformance) was first published in 2012.

DMARC is a protocol built by Google, Microsoft, Yahoo and PayPal to prevent email abuse.

All major mail service providers support it.

· DMARC is used to determine the authenticity of an email message.

· It is configured to permit authorised senders for a domain’s email messages.

· It also sets the instruction for any action taken by the receiving email service.

Why not ask Fairlady Law to help configure your DMARC, SPF and DKIM authentication records?

Once SPF and DKIM records are added to a domain, it is then possible to add the DMARC record.

DMARC is a text record that includes instructions for the receiving email server on how to manage mail sent from a domain that does not align with policy frameworks.

What is a DMARC Aggregate Report?

A DMARC aggregate report contains information about the authentication status of messages sent from a domain. (“Email DNS Master Course – SPF + DKIM + DMARC”)

These reports contain information about the source of any sent emails, the domain name that was used to send them, IP addresses, the number of messages sent and the DKIM/SPF/DMARC authentication results.

What is a DMARC Forensic Report?

DMARC forensic reports are generated when the SPF or DKIM do not align with the DMARC configuration. (“Email DNS Master Course – SPF + DKIM + DMARC”)

These reports are only sent when an email fails authentication.

They contain information such as:

· The email ‘to’ field.

· The email ‘from’ field.

· The IP address of the sender.

· The email subject field.

· The authentication results.

· The message ID.

· URLs.

· The delivery result.

· The ISP information.

While the setting up of SPF, DKIM and DMARC records is not necessarily challenging to anyone familiar with the processes, it does require going into some quite technical and unfamiliar areas of domain hosting.

If this is an area that you are not familiar with, it is highly recommended that you talk to Fairlady Law in the first instance. It will not cost a fortune and could save many disasters further down the road.
