In our globalized world, human relationships have moved to the virtual environment through technological advancements. As a result, people can easily communicate with distant points on the Earth’s surface. While this situation may seem highly beneficial, it has brought many disadvantages as well. The greatest example of this is the security vulnerabilities present in the email that many people use. These vulnerabilities can lead to significant problems. For instance, impersonating a world-renowned company or altering the content of an email it sent can result in a major loss of reputation and revenue for the company. To mitigate such vulnerabilities, security technology has been developed and diversified. This article examines DMARC, SPF, and DKIM, the email security technologies developed in this field.
The technologies developed for email security are as mentioned above: SPF, DKIM, and DMARC. These technologies ensure email security through different methods. Individuals can choose to use either one of these security technologies or all of them together. In this regard, these security technologies complement each other.
What is SPF?
The Sender Policy Framework (SPF) uses your domain’s DNS records to restrict who can send emails from your domain, prevent domain spoofing, and enable a receiving mail server to determine whether a message really comes from the domain it uses. SPF has three main components: policy framework, authentication method, and specific headers in the actual email that convey this information.
Why Should We Add an SPF Record to Our Domain?
While SPF doesn’t provide complete security in email, it is beneficial from a security standpoint. For instance, an SPF record provides an additional trust signal for Internet Service Providers (ISPs). This increases the likelihood of your emails reaching users’ mailboxes instead of being directed to their spam folders.
How Does an SPF Record Work?
SPF adopts the ‘return path’ working logic. In this working logic, the receiving system first takes the domain of the sender’s email address, then examines the SPF record associated with this domain, and decides based on this record whether to allow the IP address of the sending server.
How is an SPF record created?
To add an SPF record, a TXT entry needs to be added to the DNS. The receiving server compares the servers allowed by this entry with the server that wants to send the email, and based on this, the email is either accepted or rejected. One of the most crucial considerations during this record setup is to avoid having a second SPF TXT record for the same domain. Having a second SPF TXT record can cause SPF checks to fail on receiving servers.
Example of an SPF record:
v=spf1 a mx include:spf.mtasv.net include:_spf.createsend.com ip4:192.168.0.1/16 ~all
1-) v=spf1 -> The ‘v’ statement indicates the version of SPF being used.
2-) a -> The ‘a’ statement matches when the sending server’s IP address is the address of the domain name itself (its A record).
3-) mx -> The ‘mx’ statement matches when the sending server is one of the domain’s own mail servers (its MX records).
4-) include -> The ‘include’ statement names another domain whose SPF record is also tested.
5-) ip4/ip6 -> The ‘ip4 / ip6’ expressions define the IP address ranges that are allowed to send for your domain.
6-) ~all -> The ‘all’ statement specifies that other servers cannot send mail through this domain; with the ‘~’ qualifier, mail from them is marked as a soft fail.
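The evaluation order described above, as an added example that is not part of the original article: a small offline evaluator that walks the mechanisms left to right and returns the result of the first match. The domain names and the DNS table are constructed for illustration (a real check queries DNS), MX hosts are stored as already-resolved IPs, and only the mechanisms listed above are handled.

```python
import ipaddress

# Constructed DNS data using documentation addresses; not real records.
DNS = {
    "example.com": {
        "TXT": ["v=spf1 a mx include:_spf.mailer.example ip4:198.51.100.0/24 ~all"],
        "A": ["203.0.113.10"],
        "MX": ["203.0.113.25"],  # simplification: MX hosts already resolved to IPs
    },
    "_spf.mailer.example": {"TXT": ["v=spf1 ip4:192.0.2.0/24 -all"]},
    "dup.example": {"TXT": ["v=spf1 -all", "v=spf1 a ~all"]},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, ip, dns=DNS):
    """Evaluate the SPF record of `domain` for the sending address `ip`."""
    zone = dns.get(domain, {})
    records = [t for t in zone.get("TXT", []) if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:           # two SPF records on one name: evaluation error
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            hit = True
        elif mech in ("ip4", "ip6"):
            # strict=False accepts host bits, as in ip4:192.168.0.1/16
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech in ("a", "mx"):
            hit = ip in dns.get(arg or domain, {}).get(mech.upper(), [])
        elif mech == "include":    # matches only if the included record passes
            hit = check_spf(arg, ip, dns) == "pass"
        else:
            return "permerror"     # this sketch treats anything else as an error
        if hit:
            return RESULTS[qualifier]
    return "neutral"
```

Note that the `-all` inside the included record does not reject the message on its own; it only means the include did not match, and evaluation continues with the next mechanism of the outer record.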
What is DKIM?
DKIM is a security technology that adds digital cryptographic signatures to outgoing emails. This ensures that the email comes from a trusted source and remains unchanged while in transit between the sender and the recipient server. Initially, a pair of private and public keys is generated. The private key is used to sign your email, while the public key is published in your domain’s DNS using TXT records. This allows your emails to be verified by servers.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email security technology that prevents unauthorized use of your domain ([email protected]) and, if such use is attempted, provides you with reports. In fact, this technology is an advanced method created by combining the previously mentioned SPF and DKIM security technologies.
How Does DMARC Work?
With SPF and DKIM alone, the Internet Service Provider (ISP) determined what to do with the results. DMARC, however, allows you to block or quarantine emails from untrusted or unknown sources. All of this is done based on the results of the SPF and DKIM tests. The DMARC record is defined in DNS as a TXT record, just like the other security technologies.
Example of a DMARC record:
_dmarc.domain.com TXT v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]
This record contains a policy written to block the email when the DKIM and SPF tests fail, applied to the percentage of such emails given by the pct value. Additionally, the statement ‘rua=mailto:[email protected]’ is used to send the generated reports for these events to the given email address.
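How a receiver turns such a record and the SPF and DKIM results into a decision, as an added example that is not part of the original article. It goes slightly beyond the text by including domain alignment and the pct fallback; the function names, the `sample` parameter (a 0-99 value standing in for the receiver's random sampling) and the simplified parent/child alignment check are assumptions of this sketch, and real receivers use the Public Suffix List for alignment.

```python
# Policy applied to failing mail that falls outside the pct sample.
LOWER = {"reject": "quarantine", "quarantine": "none", "none": "none"}

def parse_dmarc(txt):
    """Parse a DMARC TXT value into a tag dict; None if it is not valid DMARC."""
    tags = {}
    for part in txt.split(";"):        # tags must be separated by semicolons
        if part.strip():
            key, sep, value = part.partition("=")
            if not sep:
                return None
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def aligned(from_domain, auth_domain):
    """Relaxed alignment, simplified: identical or parent/child domains."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def dmarc_disposition(record, from_domain, spf, dkim, sample=0):
    """spf and dkim are (result, authenticated_domain) pairs; sample is 0-99."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    # DMARC passes if either check passes for a domain aligned with From:.
    if any(res == "pass" and aligned(from_domain, dom) for res, dom in (spf, dkim)):
        return "pass"
    pct = int(tags.get("pct", "100"))
    return tags["p"] if sample < pct else LOWER[tags["p"]]

# Constructed records for illustration.
STRICT = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@example.com"
PARTIAL = "v=DMARC1; p=reject; pct=25"
NO_SEPARATORS = "v=DMARC1 p=reject pct=100"
```

A record written without the semicolons is not read as a stricter or weaker policy; it is not recognized as DMARC at all, so the domain is treated as having no policy.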
Why SwordEye for Email Tracking?
SwordEye Attack Surface Mapping provides risk scores to your organization by tracking your digital assets and external threats without requiring any configuration. Your SPF and DMARC records, metrics within the DNS security category that affect the risk algorithm, are monitored for all assets 24/7. Alarms are generated in case of adverse security records, which lead to a decrease in your score. This enables you to continuously monitor the status of your records, make security improvements with configuration instructions, and elevate your cyber risk score.