
What is SPF? Why use SPF & What are its limitations?

Sender Policy Framework (SPF) is an email authentication framework that helps protect email senders and receivers against spam, spoofing, and phishing. In particular, it defines a way to check that an email message was sent from a mail server authorized by the sending domain, in order to detect forgery and prevent spam.

SPF Record: An SPF record is published in an organization's DNS zone. It is a specially formatted standard DNS TXT record.

How does it work?

SPF lays out a system for receiving mail servers to check that incoming mail claiming to come from a domain was sent from a host allowed by the administrators of that domain.

  • A domain administrator publishes the rules that say which mail servers are allowed to send email for that domain. This policy is referred to as an SPF record and is published as part of the domain's DNS records.
  • When an inbound mail server receives an email, it looks up the sending domain's rules in DNS. The inbound server then compares the connecting mail sender's IP address with the approved IP addresses set out in the SPF record.
  • The receiving mail server then uses the rules defined in the sending domain's SPF record to decide whether to accept, reject, or otherwise flag the email message.
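The lookup-and-compare step described above, as an added example that is not part of the original post or of any SPF library: a simplified SPF evaluator that reads a domain's `v=spf1` record from a constructed DNS table (real receivers query DNS), walks its mechanisms in order, and returns the result the qualifier on the matching mechanism dictates. Only the `ip4`, `ip6`, `include` and `all` mechanisms are implemented; the domain names and addresses are made up.

```python
import ipaddress

# Constructed DNS TXT table standing in for real DNS lookups (not from the page).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mailer.example.net -all",
    "mailer.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example.org": "v=spf1 include:loop.example.org -all",  # pathological record
}

MAX_LOOKUPS = 10  # RFC 7208 caps DNS-querying mechanisms at 10 per check
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain, dns=FAKE_DNS_TXT):
    """Return the SPF terms for a domain, or None if it publishes no SPF record."""
    record = dns.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return None
    return record.split()[1:]  # everything after the version tag


def check_host(ip, domain, dns=FAKE_DNS_TXT, _lookups=None):
    """Simplified check_host(): pass / fail / softfail / neutral / none / permerror."""
    if _lookups is None:
        _lookups = [0]  # shared counter across recursive include: evaluations
    terms = lookup_spf(domain, dns)
    if terms is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            # "all" always matches; it ends evaluation with its qualifier's result.
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # Membership test returns False for a mismatched address family.
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            _lookups[0] += 1
            if _lookups[0] > MAX_LOOKUPS:
                return "permerror"
            inner = check_host(ip, arg, dns, _lookups)
            if inner in ("none", "permerror", "temperror"):
                return "permerror"  # an include: of a broken/missing record is fatal
            if inner == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # a, mx, exists, ptr, redirect= are not implemented here
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for ip, domain in [("192.0.2.77", "example.com"), ("198.51.100.10", "example.com"),
                       ("203.0.113.5", "example.com"), ("203.0.113.5", "nospf.example")]:
        print(f"{ip:>15} from {domain:<16} -> {check_host(ip, domain)}")
```

Each `include:` counts against the lookup limit, which is why the self-referencing `loop.example.org` record ends in `permerror` instead of recursing forever; exceeding the limit is a common cause of SPF breakage when a domain includes several third-party senders.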

Why use SPF?

  • SPF may not be perfect, but using it is much safer than not using it. Without SPF your emails can still be sent, but setting it up improves their chances of being delivered.
  • Publishing an SPF record gives ISPs an extra confidence signal that increases the likelihood that your messages will arrive in the inbox.
  • SPF can also help reduce the backscatter of bounce and error notifications that you receive when spammers misuse your domain.

Limitations

SPF is a useful email security tool, but it is not perfect, and it has certain limitations that you need to be aware of.

  • SPF does not verify the header "From". This header is what most mail clients display as the source of the message. SPF never checks the "header from"; it evaluates the "envelope from" (the Return-Path domain) instead.
  • SPF breaks when an email is forwarded. At that point the forwarder becomes the message's current sender, and the SPF check at the new destination may fail.
  • SPF records are often poorly documented, which makes them harder to manage.

Click here to get insight about another email security tool DKIM.


What is DKIM? All you need to know about DKIM

DomainKeys Identified Mail (DKIM) is a technical standard that helps protect email senders and recipients against spam, spoofing, and phishing. It is a type of email authentication that allows an organization to take responsibility for a message in a way that the receiver can verify.

DKIM uses public-key cryptography to verify that an email message was sent from an authorized mail server, in order to detect forgery and prevent the delivery of harmful email such as spam.

DKIM Signature: A DKIM signature is an email message header. The header contains values that let a receiving mail server verify the message by looking up the sender's DKIM public key and using it to check the signature.

How it works?

DKIM works by applying a digital signature to an email message's headers. The receiver can then check this signature against the public key that the sending organization publishes in its DNS.

  • The domain owner publishes a cryptographic public key.
  • The key is formatted as a TXT record within the domain's overall DNS records.
  • When a message is sent, the outbound mail server generates the DKIM signature and adds it to the message headers.
  • Inbound mail servers then fetch the DKIM public key, use it to verify the signature, and compare the signed hashes with freshly computed hashes of the received message.
  • If the values match, the message is proven authentic and unchanged in transit, and therefore neither forged nor altered.
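The "compare it with a fresh version" step above, as an added example that is not part of the original post and is not any mail library's code: the two hashes a DKIM verifier recomputes over a received message. It implements RFC 6376 relaxed canonicalization, checks the `bh=` body hash, derives the `<selector>._domainkey.<domain>` name where the public key is fetched, and builds the exact header bytes the `b=` signature covers. The RSA signing and verification of those bytes is left out because the Python standard library has no RSA; the message, domain and selector are made up.

```python
import base64
import hashlib
import re

# Constructed sample message (not from the page), with untidy whitespace so that
# canonicalization visibly changes something.
SAMPLE_HEADERS = {
    "From": "Alice  <alice@example.com>",
    "To": "bob@example.net",
    "Subject": "Invoice   123",
}
SAMPLE_BODY = "Hello Bob,  \r\n\r\nPlease see the attached invoice.   \r\n\r\n\r\n"


def relaxed_body(body):
    """RFC 6376 'relaxed' body canonicalization: collapse whitespace runs, strip
    trailing whitespace per line, drop trailing empty lines, end with one CRLF."""
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    canon = "\r\n".join(lines)
    return (canon + "\r\n").encode() if canon else b""


def body_hash(body):
    """The bh= tag value: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def relaxed_header(name, value):
    """Relaxed header canonicalization: lowercase name, unfold, collapse whitespace."""
    value = re.sub(r"\r\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"


def parse_tags(dkim_sig):
    """Split a DKIM-Signature value into tag=value pairs (whitespace inside values removed)."""
    tags = {}
    for part in dkim_sig.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags


def sample_signature_header(body):
    """Constructed DKIM-Signature value as a signer would build it. b= is left empty
    because producing it needs the domain's RSA private key (not available here)."""
    return ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2024; "
            "h=From:To:Subject; bh=" + body_hash(body) + "; b=")


def dns_key_name(dkim_sig):
    """Where the verifier fetches the public key: the <s>._domainkey.<d> TXT record."""
    tags = parse_tags(dkim_sig)
    return f"{tags['s']}._domainkey.{tags['d']}"


def check_body_hash(dkim_sig, body):
    """Verification step one: bh= must equal the hash of the body actually received."""
    return parse_tags(dkim_sig).get("bh") == body_hash(body)


def signed_data(headers, dkim_sig):
    """Verification step two: the bytes the b= signature covers. The verifier hashes
    these and checks the signature with the public key; changing any signed header
    (e.g. From) changes these bytes and therefore invalidates the signature."""
    tags = parse_tags(dkim_sig)
    by_name = {k.lower(): v for k, v in headers.items()}
    data = "".join(relaxed_header(h, by_name[h.lower()]) for h in tags["h"].split(":"))
    # The DKIM-Signature header itself goes last, with b= emptied and no trailing CRLF.
    without_b = re.sub(r"((?:^|;)\s*)b=[^;]*", r"\1b=", dkim_sig)
    data += relaxed_header("DKIM-Signature", without_b).rstrip("\r\n")
    return data.encode()


if __name__ == "__main__":
    sig = sample_signature_header(SAMPLE_BODY)
    print("public key record:", dns_key_name(sig))
    print("body hash ok:", check_body_hash(sig, SAMPLE_BODY))
    print("body hash ok after tampering:", check_body_hash(sig, SAMPLE_BODY + "P.S. pay now\r\n"))
    print(signed_data(SAMPLE_HEADERS, sig).decode())
```

Only the headers listed in `h=` are covered by the signature, so a verifier that accepts a signature which omits `From` has proven very little; `From`, `To`, `Subject` and `Date` are the usual minimum.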

How is it related to SPF?

DKIM and SPF are both protocols that cover different aspects of email authentication. They address complementary problems.

  • SPF lets senders specify which IP addresses are allowed to send mail for a particular domain.
  • DKIM provides a digital signature and a public key so receivers can verify that an email message has not been forged or altered.

Advantages

  • Get legitimate mail past spam filters.
  • Protect your recipients against phishing messages that spoof your domain.
  • Improve your domain's sending reputation.

Click here to get insight about SPF.


DMARC Alignment – All You Need To Know

DMARC checks whether the address in the header "From" is really the origin of the message. SPF and DKIM on their own do not validate the header "From" and its user name.

Alignment is the check that the domain authenticated by SPF or DKIM matches the header "From" domain. With a relaxed configuration, subdomains of the same organizational domain also count as aligned.

Difference between Header from Domain and Mail from Domain

Header From domain: the domain part of the email address that end users most often see in the "From" field of their mail client.

Mail From domain: the domain that the SPF authorization check uses. It is the domain part of the email address usually found in the message's "Return-Path" header, also known as the envelope from or bounce address.

SPF Alignment

SPF alignment for DMARC: Sender Policy Framework (SPF) alignment ensures that two domains of your email match:

  • the Mail From address (MFrom, the envelope sender found in Return-Path)
  • the Header From domain

There are two types of SPF alignment:

Relaxed alignment: with relaxed alignment, only the root (organizational) domain of the MFrom address has to match the root domain of the Header From address. Relaxed alignment lets you send from a sub-domain and still meet the domain alignment requirement.

Strict alignment: with strict alignment, the MFrom domain must be an exact match for the Header From domain.

DKIM Alignment

DKIM alignment for DMARC: DKIM alignment means that the signing domain in your email's DKIM signature (the d= tag) matches the Header From domain.

There are two types of DKIM alignment:

Relaxed alignment: this method only requires the DKIM signing domain to share the parent (organizational) domain of the Header From domain. Relaxed alignment lets you sign with a sub-domain and still meet the domain alignment requirement.

Strict alignment: this method requires an exact match between the DKIM signing domain and the Header "From" domain.
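The relaxed and strict alignment rules above, together with the SPF limitation noted earlier (SPF passing on an envelope domain that has nothing to do with the header "From"), as an added example that is not part of the original post or of any DMARC implementation: a small evaluator that takes the SPF and DKIM results a receiver has already computed, applies the `aspf=`/`adkim=` alignment modes from a DMARC record, and returns whether DMARC passes and which `p=` disposition applies otherwise. Domain names and the record text are made up; the organizational-domain function is a simplification and is labelled as such in the code.

```python
# Constructed example (not from the page): DMARC identifier alignment and policy
# evaluation, given SPF and DKIM results a receiver has already computed.

def org_domain(domain):
    """Organizational domain. Real receivers consult the Public Suffix List; this
    demo assumes the last two labels, which is wrong for names like example.co.uk."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, header_from_domain, mode="r"):
    """Relaxed (r): same organizational domain. Strict (s): exact match."""
    a, h = auth_domain.lower(), header_from_domain.lower()
    return a == h if mode == "s" else org_domain(a) == org_domain(h)


def parse_dmarc(record):
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def domain_of(address):
    return address.rsplit("@", 1)[-1]


def dmarc_evaluate(header_from, mail_from, spf_result, dkim_domain, dkim_result, record):
    """Return (dmarc_pass, disposition). DMARC passes when SPF passed on an aligned
    MAIL FROM domain *or* DKIM passed with an aligned d= domain; otherwise the
    published p= policy (none / quarantine / reject) applies."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return False, "none"  # not a DMARC record: no policy to apply
    from_domain = domain_of(header_from)
    spf_aligned = spf_result == "pass" and aligned(
        domain_of(mail_from), from_domain, tags.get("aspf", "r"))
    dkim_aligned = dkim_result == "pass" and dkim_domain is not None and aligned(
        dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_aligned or dkim_aligned:
        return True, "none"
    return False, tags.get("p", "none")


# Constructed records and scenarios.
RECORD_RELAXED = "v=DMARC1; p=reject; aspf=r; adkim=r"
RECORD_STRICT = "v=DMARC1; p=quarantine; aspf=s; adkim=s"


def scenario_spoofed_from():
    # SPF passes for the envelope domain the sender controls, but the header From
    # claims bank.example: exactly what SPF alone cannot catch. Alignment does.
    return dmarc_evaluate("alerts@bank.example", "bounce@other.example",
                          "pass", None, "none", RECORD_RELAXED)


def scenario_subdomain_relaxed():
    # Sub-domain in MAIL FROM is fine under aspf=r.
    return dmarc_evaluate("news@bank.example", "bounce@mail.bank.example",
                          "pass", None, "none", RECORD_RELAXED)


def scenario_subdomain_strict_dkim_saves():
    # Under aspf=s the sub-domain fails SPF alignment, but an aligned DKIM d= passes.
    return dmarc_evaluate("news@bank.example", "bounce@mail.bank.example",
                          "pass", "bank.example", "pass", RECORD_STRICT)


def scenario_subdomain_strict_no_dkim():
    return dmarc_evaluate("news@bank.example", "bounce@mail.bank.example",
                          "pass", None, "none", RECORD_STRICT)


if __name__ == "__main__":
    for fn in (scenario_spoofed_from, scenario_subdomain_relaxed,
               scenario_subdomain_strict_dkim_saves, scenario_subdomain_strict_no_dkim):
        print(f"{fn.__name__:<36} -> {fn()}")
```

The fourth scenario is the one that bites when a domain moves to strict alignment: mail that passed under `aspf=r` starts being quarantined because the bounce address lives on a sub-domain and no aligned DKIM signature backs it up.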

Make anti-phishing solutions ride shotgun in your company’s modus operandi

What is DMARC? How is DMARC Deployment done?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email protocol that builds on SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). It specifies what receivers should do when an email fails authentication checks. The policy is published in DNS on the sending domain's side.

Implementing DMARC needs some preliminary work, including, of course, corporate consent, because it affects the entire company.

  1. Identify all your company domains

    The first phase of your DMARC implementation project is to inventory all the domains your organization owns. Identify every domain that sends email on your organization's behalf, both active and parked (inactive) domains. Don't ignore your inactive domains.

  2. Add all known domains to your dashboard

    The next step is to add all the domains you found in the previous step to your account. Also, don't forget to add your inactive domains.

  3. Create DMARC record

    The next step is to generate a DMARC record for your domains. Your DMARC record is the core of a DMARC implementation. The DMARC record is a DNS TXT record published under the parent domain.

  4. Publish the DMARC record created in your DNS

    The next step is to publish the DMARC record generated in the previous step in your DNS. Publishing the DMARC record in DNS is essential. You can do this yourself or ask your DNS provider to publish the appropriate DMARC record for you.

  5. Analyze the data of your DMARC

    Analyzing the data is the most important part. Once DMARC is implemented, the reports need to be reviewed before a policy is applied. It may take some time before DMARC data appears in your account. These reports give you insight into your email channel(s); use this data to better understand your mail sources.

Implementing DMARC on your company's mail domains should be the first move to defend your corporation from phishing attacks this year. DMARC+ offers a simple setup interface with deployment assistance for an easy path through your DMARC journey.