Understanding SPF, DKIM and DMARC
Carl Enser, Sales Director, Fabric
The world of spam is continually changing.
Spam has evolved over the years in a variety of ways, and companies around the world are worried about different types of spam because it impacts productivity. Spamming techniques have evolved to penetrate several filtering programs designed to stop the attacks. As soon as new blockers and filters are developed, spammers quickly search for a way around them and create new ways to send spam messages.
Two of the most prevalent types of spam today are:
- Phishing campaigns, which are looking to compromise the credentials of the company employees and take control of the resources of a company. A popular type of phishing campaign is spear phishing, which targets the most valuable contacts within an organization.
- Bulk mail (also referred to as graymail), which could be the advertising mails that you may have accidentally subscribed to, but do not want to receive.
Because spamming techniques are continually changing, the spam you see in your mailbox today is different from the spam you received yesterday. Your spam messages may look similar, but they are not the same; they’re slightly (or significantly) different, with a different signature and are designed to evade filters. Spam campaigns vary in duration from a few minutes to many hours. We have tracked campaigns that send thousands, hundreds of thousands, or even millions of spam messages in a few minutes.
Ten million spam messages blocked every minute.
That is the average number of spam messages that are blocked by Microsoft every minute. However, everyday attackers around the world find new techniques to attack your email.
Email communication was developed way back in 1970, at the time of email being created security wasn’t a concern.
A few decades later, and it is impossible to think of the internet and email without security. Email today is one of the most abused platforms out there to try and cheat and mislead people.
Here at Fabric IT, we recommend implementation of the following techniques as a minimum, SPF, DKIM and DMARC.
What is SPF?
Nope, its not sun protection factor this time. SPF Stands for Sender Policy Framework (SPF). It hardens your DNS servers and restricts who can send emails from your domain. SPF can prevent domain spoofing. It enables your mail server to determine when a message came from the domain that it uses. SPF has three significant elements: a policy framework as its name implies, an authentication method and specific headers in the actual email itself that convey this information. SPF was first proposed with IETF standard 4408 back in 2006 and has been updated most recently to standard 7208 in 2014.
What is DKIM?
Domain Keys Identified Mail (DKIM) ensures that the content of your emails remains trusted and hasn’t been tampered with or compromised. It was initially proposed in 2007 and has been updated several times, most recently with the IETF standard 8301 this last January. Both SPF and DKIM were updated with the IETF standard 7372 in 2014.
What is DMARC?
Domain-based Message Authentication, Reporting and Conformance (DMARC) ties the first two protocols together with a consistent set of policies. It also links the sender’s domain name with what is listed in the From header and also has some better reporting back from mail recipients. It was proposed as an IETF standard 7489 in 2015.