SPF
Sender Policy Framework is an email validation protocol used to protect your email users from potential spammers. It allows the participants (mail exchangers) to make sure that all incoming mail from a specific domain comes from a valid IP address. An SPF record is a simple TXT record in the DNS that defines which IP addresses and/or servers are allowed to send mail “from” that specific domain.
When an email is sent, ISPs check its Return-Path domain. They then compare the IP address of the sender with the IP addresses in the Return-Path domain’s SPF record to see whether they match. If they match, the SPF authentication is considered confirmed and the message will be delivered.
An SPF record looks as follows:
DKIM
DomainKeys Identified Mail is the second protection stage when transferring emails between mail servers. This mechanism works using encryption keys. In order to use DKIM, a pair of keys must be generated, public and private, where:
- Private key - it's your unique key, which encrypts the hidden signature in the headers of every email you send. It's not visible to the users.
- Public key - you have to define it as a TXT record within your DNS. Using it, the recipient server decrypts the previously encrypted signature.
Example of the public key:
The two keys work as a pair. When a mail server receives an email, it checks your public key. With its help, the server decrypts the hidden signature, which confirms your authorship.
Accordingly, if DKIM is absent, many mail servers will refuse to accept your emails. This is an authorization method that cannot be ignored.
DMARC
Domain-based Message Authentication, Reporting and Conformance is the second protection stage. This technology determines what to do with emails if they are not authenticated with SPF and DKIM. This is the rule that you set for emails sent on your behalf.
Before setting up DMARC, make sure that SPF and DKIM are working properly; otherwise, emails can be filtered.
There are 3 basic rules by which the DMARC mechanism works when it recognizes messages as suspicious:
- Takes no action;
- Marks email as spam and moves it to quarantine;
- Rejects the email without delivery to the addressee;
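The receiver-side decisions described above (the SPF IP comparison and the three DMARC rules), sketched in Python as an added example that is not part of the original article. The two records, the addresses and the function names `spf_pass` and `dmarc_action` are constructed for illustration; the DMARC step follows the standard rule that a message passes when either SPF or DKIM passes for a domain aligned with the From: header, and the DKIM result is taken as an input rather than computed.

```python
import ipaddress

# Constructed sample records (documentation addresses, example.com); not from the article.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 -all"
DMARC_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"


def spf_pass(record, sender_ip):
    """Return True if the SPF record authorises sender_ip.

    Simplified: only ip4:, ip6: and all are evaluated; mechanisms that need
    DNS lookups (include:, a, mx) and modifiers are skipped.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:  # left to right, first match decides
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return qualifier == "+"
        if name in ("ip4", "ip6") and value:
            if ip in ipaddress.ip_network(value, strict=False):
                return qualifier == "+"
    return False


def dmarc_action(record, spf_ok, dkim_ok):
    """Return 'deliver' when the message is authenticated, else the policy.

    spf_ok / dkim_ok are assumed to be results for a domain aligned with the
    From: header domain; DMARC passes when either one is true.
    """
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    return "deliver" if (spf_ok or dkim_ok) else policy


if __name__ == "__main__":
    for ip in ("192.0.2.55", "203.0.113.9"):
        ok = spf_pass(SPF_RECORD, ip)
        print(ip, "SPF pass" if ok else "SPF fail", "->", dmarc_action(DMARC_RECORD, ok, False))
```

The returned policy values `none`, `quarantine` and `reject` correspond, in order, to the three rules in the list above.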
A DMARC record looks as follows: