Despite making some progress, a trio of email security protocols has seen a rocky road of deployment in the past year. Going by their acronyms SPF, DKIM and DMARC, the three are difficult to configure and require careful study to understand how they interrelate and complement each other with their protective features. The effort, however, is worth the investment in learning how to use them.
What is SPF?
Sender Policy Framework (SPF) hardens your DNS servers and restricts who can send emails from your domain. SPF can prevent domain spoofing. It enables your mail server to determine when a message came from the domain that it uses. SPF has three major elements: a policy framework as its name implies, an authentication method and specialized headers in the actual email itself that convey this information. SPF was first proposed with IETF standard 4408 back in 2006 and has been updated most recently to standard 7208 in 2014.
What is DKIM?
DomainKeys Identified Mail (DKIM) ensures that the content of your emails remains trusted and hasn’t been tampered with or compromised. It was initially proposed in 2007 and has been updated several times, most recently with the IETF standard 8301 this last January. Both SPF and DKIM were updated with the IETF standard 7372 in 2014.
What is DMARC?
Domain-based Message Authentication, Reporting and Conformance (DMARC) ties the first two protocols together with a consistent set of policies. It also links the sender’s domain name with what is listed in the From: header and also has some better reporting back from mail recipients. It was proposed as an IETF standard 7489 in 2015.
Why you need DMARC, SPF and DKIM
Phishing and email spam are the biggest opportunities for hackers to enter the network. If a single user clicks on some malicious email attachment, it can compromise an entire enterprise with ransomware, crypto jacking scripts, data leakages or privilege escalation exploits.
What isn’t as well known is why most enterprises need all three of these protocols to protect their email infrastructures. Like much in the IT world, the multiple solutions don’t all necessarily overlap. Actually, they are quite complementary to each other, and chances are good that the average business will need all three of them.