An old topic, important as ever: if you're just setting up your email ecosystem, here's a simplified description of the triumvirate of the most pressing Email authentication protocols.
The three techniques are important parts of a detailed and thorough email security ecosystem in the current climate. That’s why we wanted to give you a quick checklist and details about them, so you have all the knowledge you need to be prepared. Let’s take a look:
What Is SPF and Why It Matters?
Sender Policy Framework (SPF) is a technique in email security that uses an anti-spam approach. Through SPF, the Internet domain of an email sender needs to be authenticated before being sent. That essentially means that through one simple protocol, a massive number of spam mailers are discouraged as they can no longer use email spoofing, the method in which the origin of an email is hidden.
Thanks to SPF, any server can determine with ease if a message originated from the domain it says it originated from, and not a scammer's address. However, this is not the only reason why the framework matters. The Simple Mail Transfer Protocol (SMPT) that's widely used as the main protocol for emails doesn't have a system for mail authentication, which makes SPF a necessity to achieve authentication and discourage spam emails.
What Is DKIM and Why It Matters?
DomainKeys Identified Mail (DKIM) allows for emails to be signed in a specific way that makes them verifiable to mailbox providers across the world. It’s a protocol that was made possible by the creation of cryptographic authentication for email messages.
This essentially makes DKIM a helpful tool in the hands of any company looking for an effective way to protect its customers and its employees from targeted email attacks like spear phishing.
It works because it creates an identification demand from an email that needs to have a DKIM signature included. The signature can involve anything, and if it's not there, the authentication will fail. Furthermore, the sender's email generates a hash of the text and the signature and sends it encrypted. The receiver needs to create the same encryption for the signatures to match and allow for proper email transfer.
What Is DMARC and Why Does It Matter?
Domain-Based Message Authentication, Reporting, and Conformance (DMARC) is the ultimate protocol that combines SPF and DKIM and creates something better and more secure. When SPF and DKIM fail, DMARC kicks in to authenticate an email or block it.
Due to more sophisticated threats that can bypass other protocols and make an email appear as if coming from a legitimate source, DMARC is there to make sure that illegitimate emails are discovered and blocked on time.
DMARC truly matters in today's climate because many email scams have become good enough that many employees and executives open scam emails. However, a whole class of phishing messages becomes entirely obsolete with DMARC in place. It makes a company secure in the knowledge that a lot of phishing emails won’t even reach their employees who would otherwise open them and potentially even click on attachments and links within them.
Due to all the threats and the need for having all three protocols in place, AnubisNetworks offers a thorough email security software that includes SPF, DKIM, DMARC, and many other security measures to ensure your company's entire email ecosystem is secure. Ask us for a demo to see how it works.
Author: Miguel Caldeira
Miguel Caldeira is a Head of Engineering at AnubisNetworks with degrees in Master, Electronics, and Telecommunications Engineering. Started on GMV as Software Engineer on aeronautics security projects. He then joined to AnubisNetworks, and then Bitsight Technologies, before returning to Anubis to lead the development of Email Security Solutions.