• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Email / DMARC / Deciphering DMARC, DKIM and SPF

Deciphering DMARC, DKIM and SPF

by Clare Holmes
October 2, 2019August 17, 2022Filed under:
  • DMARC
  • Email

If you’re new to our blog, or haven’t encountered email protocols before here’s the top three you need to know:

  • SPF: Sender Policy Framework
  • DKIM: DomainKeys Identified Mail
  • DMARC: Domain-based Message Authentication, Reporting & Conformance

So, why do we care specifically about these acronyms when explaining email security? There’s no mention of spam or gateways, so are they really vital defenses? 

2018 saw a 250% year-on-year increase in DMARC policies published, so whatever it is, it’s seeing traction in the market. So let’s explain each acronym and see if we can’t make it simple.

The threat of email-based phishing attacks

Email is a widely used communication tool and therefore unsurprisingly vulnerable to cyber attacks. A common entry point into an organization’s network is via those lovable threat vectors, employees. 

How many times have you heard about that unwitting victim that paid an invoice because the CEO had emailed for urgent action to be taken to negate late payment fees? And how many times had that email come from a spoofed email account?

So DMARC is a protocol that ensures that emails are authenticated properly and ensures that recipients can rest assured that emails have been sent from legitimate sources, blocking malicious emails from inboxes, and increasing the overall deliverability of authorized emails.

The science bit (Sort of. Actually it’s very straightforward.)

The way that DMARC does this is by using SPF and DKIM, two foundational technologies that help secure different aspects of email and provide a more comprehensive validation. 

  • SPF verifies whether an email was sent from an authorized IP address. 
  • DKIM verifies if an email has been signed by the same domain it was sent from or from a domain that is authorized to send on behalf of that domain. 

They both produce what is known as authentication identifiers that DMARC uses to authenticate emails and set rules about how receiving servers should treat emails that fail authentication checks.

DMARC is a little bit like a club bouncer who vets visitors – they deny or allow people in based on what the owner has mandated is acceptable; for example dress code, age, and if they’re sober enough to still stand up.

The diagram below shows how SPF, DKIM and DMARC work with each other:

DMARC, SPF, DKIM
How SPF and DKIM produce authentication identifiers that DMARC uses to authenticate email.

1a & 1b :  An authorised and unauthorised message is sent to the receiver’s email server.

2 : The receiver’s server checks the sender’s DNS for DMARC, SPF, and DKIM records.

3 : The receiving server verifies the incoming message against SPF and DKIM and if either validation passes it sends the message onto the recipient.

4:  If validation fails, the message will be sent to a spam folder or completely rejected, depending on how DMARC is configured – end user will never see the failed message.

So that’s a basic walkthrough on some regularly used email security acronyms. If this has whet your appetite for learning more about security acronyms, have a read of this article by Peter Loshin at SearchSecurity.

If you’re unsure whether your organization is using these globally-accepted email protocols, you can use our free investigate tool to check your email setup today.

Check email DMARC setup

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Cybersecurity
  • DKIM
  • DMARC
  • SPF

Post navigation

Previous Post Interview: Red Sift raises $8.8M to protect enterprise emails from phishing attacks
Next Post Featured: 12 UK-based Infosec Startups To Know

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Milan Pro on Genesis Framework · WordPress · Log in