Tech Insight : What Are SPF, DKIM, And DMARC Records?

21st February 2023

In this insight, we look at the popular email authentication protocols SPF, DKIM, and DMARC, how they work, why they’re important, and what happens if they’re not set up properly.

What Is SPF? 

SPF, or Sender Policy Framework, is an email authentication protocol used to verify the sender of an email message. It is used to detect and prevent email spoofing, a common tactic used by spammers and cybercriminals to send email messages that appear to come from a legitimate source.

How Does SPF Work? 

SPF works by allowing the domain owner to publish a list of authorised email servers in the DNS record of their domain. When an email message is sent, the receiving mail server checks the SPF record of the sender’s domain to verify that the email was sent from an authorised server. If the sending server is not on the list of authorised servers, the receiving mail server may mark the email as spam or reject it outright.

Why Is SPF Now So Important? 

SPF is one of several email authentication protocols that can be used to combat spam and other forms of email fraud.

What Is DKIM? 

DKIM, or DomainKeys Identified Mail, is an email authentication protocol that is designed to verify the authenticity of an email message and detect email spoofing. Like SPF, DKIM is used to combat spam and other forms of email fraud.

How Does DKIM Work? 

DKIM works by adding a digital signature to the header of an email message. The signature is generated using a private key that is known only to the sender’s domain. When the email message is received by the recipient’s mail server, the server can verify the signature using a public key that is published in the sender’s domain’s DNS records. If the signature is valid, the email is considered to be authentic, and the receiving server can then deliver the email to the recipient’s inbox.

DKIM can also help protect the reputation of the sender’s domain. By signing their email messages with a DKIM signature, legitimate senders can provide a mechanism for email receivers to determine that the message is legitimate, which can reduce the likelihood that the message will be marked as spam or rejected outright.

Why Is DKIM So Important? 

In combination with other email authentication protocols like SPF and DMARC, DKIM can provide a strong defence against email spoofing and other forms of email fraud.

What Is DMARC? 

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is an email authentication protocol that is used to combat email fraud and phishing attacks. DMARC is designed to give email domain owners greater control over how their emails are processed by receivers and provides them with visibility into how their domain is being used to send email.

How Does DMARC Work? 

DMARC works by allowing the domain owner to publish a DMARC policy in their DNS records that instructs receiving mail servers how to handle email messages that fail authentication checks. The DMARC policy can be set up to instruct receivers to either quarantine, reject or allow email messages that fail authentication checks (such as SPF and DKIM).

DMARC also provides feedback to the domain owner about how their emails are being processed by receivers. This feedback can include information about how many emails are passing or failing authentication checks, which email services are processing emails on behalf of the domain owner, and more.

Why Is DMARC So Important? 

By using DMARC, email domain owners can better protect their brand reputation, improve their email deliverability and reduce the likelihood that their domain will be used for fraudulent or malicious purposes. DMARC is often used in combination with other email authentication protocols such as SPF and DKIM to provide a more comprehensive email security solution.

What can happen if SPF, DKIM, and DMARC are not set up properly? 

If SPF, DKIM, and DMARC are not set up properly, it can leave a domain vulnerable to email-based attacks such as phishing, spamming, and spoofing. For example:

– If SPF is not set up properly, it can allow unauthorised senders to use a domain name to send email messages, which can lead to email spoofing. This can result in the recipient receiving a message that appears to be from a legitimate sender when, in fact, it is not.

– If DKIM is not set up properly, it can also allow unauthorised senders to use a domain name to send email messages. In addition, it can result in messages being marked as spam or rejected by email receivers, even if they are legitimate.

– If DMARC is not set up properly, it can result in a lack of visibility into how a domain is being used to send email, which can make it difficult to identify and respond to email-based attacks. It can also lead to email messages being marked as spam or rejected by email receivers, even if they are legitimate.

-Without proper setup of SPF, DKIM, and DMARC, legitimate email messages may not be delivered to the intended recipient’s inbox, while malicious or spam messages may pass through to the inbox, potentially leading to security threats or the compromise of sensitive information.

What Does This Mean For Your Business? 

Email is one of the most common attack vectors used by cybercriminals, with a considerable proportion of security threats arriving in emails. According to various studies and reports, the majority of cyberattacks and security threats are initiated through email. For example, the 2021 Verizon Data Breach Investigations Report found that 85 per cent of all data breaches involved a human element, with phishing and credential theft being the top methods used by attackers. Additionally, the report found that 36 per cent of all breaches involved the use of stolen or compromised credentials, many of which were obtained through phishing attacks.

Also, the 2021 Microsoft Digital Defence Report found that phishing attacks were the most common type of threat observed, with attackers using a range of social engineering tactics to trick users into providing sensitive information or downloading malware.

Similarly, other studies have shown that a significant proportion of malware is delivered via email. For example, a 2020 report by cybersecurity company Symantec found that email was the most common vector for malware attacks, with over 70 per cent of all malware being delivered via email.

Overall, therefore, email should be a critical area of focus for businesses cybersecurity professionals, and it is essential that businesses and organisations take steps to protect themselves against email-based attacks. This can be done through the use of email authentication protocols like SPF, DKIM, and DMARC, as well as through user education and training on how to identify and respond to phishing and other email-based threats. Therefore, it’s important for email domain owners to properly set up and maintain these email authentication protocols to ensure the security and integrity of their email communications.