What is SPF, DKIM, and DMARC in email security?
D3 · Architecture · CompTIA Security+ SY0-701
Three complementary email authentication standards:
SPF (Sender Policy Framework): DNS record listing authorized mail servers for a domain. Receiving servers check if the sending IP is on the list.
DKIM (DomainKeys Identified Mail): adds a cryptographic signature to outgoing emails, verified by the receiving server using a public key in DNS.
DMARC (Domain-based Message Authentication, Reporting & Conformance): builds on SPF and DKIM, specifying what to do with messages that fail authentication (none/quarantine/reject) and provides reporting.
All three work together: SPF = right server, DKIM = right signature, DMARC = enforces policy and reports. Without these, anyone can send email "from" your domain (email spoofing). DMARC with p=reject is the strongest policy. Many phishing attacks spoof legitimate domains; SPF/DKIM/DMARC prevent this.