Skip to content
English - Australia
More support Customer portal
Contact us
  • There are no suggestions because the search field is empty.

DMARC, DKIM AND SPF Explained Easy Peasy

Thanks To: Scott Magee, Tech Triber

THE EASY BIT

Let's imagine these three as bouncers at an exclusive Email Nightclub, making sure only legitimate guests get in.

SPF (SENDER POLICY FRAMEWORK)

This bouncer checks the guest list (a list of IP addresses) to see if the sender's server is allowed to send emails on behalf of the domain. If the server isn't on the list, the email might be turned away at the door.

DKIM (DOMAINKEYS IDENTIFIED MAIL)

This bouncer is all about signatures. When an email is sent, it gets a unique signature from the sender's domain. Upon arrival, DKIM checks if the signature matches the one on file. If it doesn't, the email could be a sneaky impostor and might not be allowed in.

DMARC (DOMAIN-BASED MESSAGE AUTHENTICATION, REPORTING & CONFORMANCE)

This is the head bouncer who sets the rules for the other two. DMARC tells them how strict to be and what to do with emails that don't pass the tests. It also keeps an eye on things by collecting reports on who's trying to sneak in.

So, in a nutshell, SPF, DKIM, and DMARC work together to ensure that only legitimate emails get into the Email Nightclub, keeping the party safe and enjoyable for everyone!

 

DMARC, DKIM AND SPF EXPLAINED

DMARC, DKIM and SPF are security protocols that work together to help protect emails from being blocked or flagged as spam. These protocols are used by organizations to demonstrate that they are sending emails from a legitimate and trusted source.

DMARC (DOMAIN-BASED MESSAGE AUTHENTICATION, REPORTING & CONFORMANCE)

DMARC is an email authentication protocol that helps combat phishing and email spoofing by ensuring that email messages sent to the recipient come from verified and approved sources. This requires the sending organization to have the proper authentication technologies in place such as DKIM and SPF, and then publish a DMARC record in their DNS (Domain Name System). The record will provide the recipient's email server with instructions on how to handle messages that fail authentication. 

DKIM (DOMAINKEYS IDENTIFIED MAIL)

DKIM is an email authentication protocol that uses a cryptographic signing algorithm to prove that the email message was sent from an approved and verified source. The cryptographic signing algorithm is used to sign the messages with a digital signature before they are sent out, and the recipient’s server verifies that the message contains the same digital signature. If the digital signature does not match, the server will not accept the email.

SPF (SENDER POLICY FRAMEWORK)

SPF is a protocol that helps to authenticate the sender of an email message. It works by having the sending organization list out the authorized IP addresses in a text file and publishing it in their DNS. When an email is sent to a recipient, their server looks up the sending organization’s DNS record and verifies that the sending IP address is listed as a sending server for that organization. If the sending IP address does not match, the email is flagged and potentially blocked.

Together, DMARC, DKIM and SPF provide a comprehensive email authentication and verification system that helps ensure that only emails from trusted and approved sources are delivered to the recipient's inbox. This helps protect against phishing and other malicious email attacks, and helps ensure that legitimate emails are delivered without being flagged as spam.