Email Headers: What is SPF, DKIM, DMARC?
You have probably come across these terms while reading about email security or trying to identify a phishing email. They are methods used to determine whether a received email comes from a legitimate source.
Let’s get started with SPF or Sender Policy Framework.
It’s a record maintained in the sender organization’s DNS. SPF states which servers/hosts are authorized to send email for that domain name. The receiving email server looks up the SPF record of the sender domain and compares it with the sending email server to see whether that server is actually authorized to send email for the domain. If the record matches, SPF shows as pass; otherwise it shows as fail. If a domain has no SPF record, it can be easily spoofed and used for malicious activities.
Next we have DKIM, which stands for DomainKeys Identified Mail.
This method ensures that the message has not been tampered with. DKIM uses an encryption algorithm to create a signature by encrypting the message hash with the DKIM private key.
The private key stays on the mail server, while the public key is published in the sender domain’s DNS record.
The receiving email server checks whether the public key corresponds to the private key. It does this by using the public key to decrypt the signature that came with the message and comparing the result with the hash of the message. If the hashes match, DKIM passes; otherwise it fails.
Finally, we come to DMARC. It stands for Domain-based Message Authentication, Reporting, and Conformance.
It checks whether SPF and DKIM are working as they should. For DMARC to pass, both SPF and DKIM should pass, and at least one of them must be aligned.