Checking Phishing Mail by SPF, DKIM, and DMARC

Pradeep Gupta
2 min read · Jun 27, 2023
DKIM, SPF and DMARC

What are SPF, DKIM, and DMARC?

DMARC, DKIM, and SPF are three email authentication methods. Together, they help prevent spammers, phishers, and other unauthorized parties from sending fraudulent or malicious emails on behalf of a domain they do not own.

DKIM and SPF can be compared to a business license or a doctor’s medical degree displayed on the wall of an office — they help demonstrate legitimacy.

Meanwhile, DMARC tells mail servers what to do when DKIM or SPF fail, whether that is marking the failing emails as “spam,” delivering the emails anyway, or dropping the emails altogether.

  • SPF (Sender Policy Framework) allows you to specify which servers are authorized to send email on behalf of your domain. When an email arrives at a recipient’s inbox, the recipient’s mail server will check the SPF record for the sender’s domain to see if it is authorized to send email from that domain. If the SPF record does not allow the sender’s server to send email from that domain, the email will be rejected.
    v=spf1 include:8112310.spf10.hubspotemail.net -all
    v=spf1 include:8112310.spf10.hubspotemail.net ~all
  • DKIM (DomainKeys Identified Mail) allows you to sign your emails with a cryptographic signature that can be verified by the recipient’s mail server. This helps to ensure that the email has not been tampered with since it was sent.
  • DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM by providing a way for domain owners to specify what should happen to emails that fail SPF or DKIM validation. For example, you can configure DMARC to reject all emails that fail SPF or DKIM validation, or you can configure it to quarantine them instead.
    v=DMARC1; p=none; sp=none; rua=mailto:dmarc@abc.org

By using SPF, DKIM, and DMARC together, you can help to protect your organization from email spoofing and phishing attacks.
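To see what the sample records above actually ask a receiving server to do, the following added example (not code from the original article) parses SPF and DMARC TXT records and lists the settings that leave spoofed mail unblocked. The function names are hypothetical, and the records are passed in as strings rather than fetched from DNS.

```python
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Return (mechanisms, result_of_all) for an SPF TXT record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = []
    for term in terms[1:]:
        if "=" in term.split(":")[0]:
            continue  # modifier such as redirect= or exp=, not a mechanism
        qualifier, body = (term[0], term[1:]) if term[0] in SPF_QUALIFIERS else ("+", term)
        if body.lower() == "all":
            return mechanisms, SPF_QUALIFIERS[qualifier]  # later terms are ignored
        mechanisms.append((SPF_QUALIFIERS[qualifier], body))
    return mechanisms, None  # no "all" term in this record

def parse_dmarc(record):
    """Return the tag dictionary of a DMARC TXT record, with sp defaulted."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    tags.setdefault("sp", tags["p"])  # subdomains inherit p unless sp is set
    return tags

def assess(spf_record, dmarc_record):
    """List the settings that leave spoofed mail unblocked."""
    findings = []
    _, all_result = parse_spf(spf_record)
    if all_result != "fail":
        findings.append(f"SPF default is {all_result or 'unset'}, not a hard fail (-all)")
    tags = parse_dmarc(dmarc_record)
    for tag in ("p", "sp"):
        if tags[tag] == "none":
            findings.append(f"DMARC {tag}=none: monitoring only, no action requested")
    if "rua" not in tags:
        findings.append("DMARC has no rua address, so no aggregate reports arrive")
    return findings

if __name__ == "__main__":
    # Records copied from the article above.
    spf = "v=spf1 include:8112310.spf10.hubspotemail.net ~all"
    dmarc = "v=DMARC1; p=none; sp=none; rua=mailto:dmarc@abc.org"
    for finding in assess(spf, dmarc):
        print(finding)
```
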

Comparison
