DMARC, DKIM, and SPF
Email domains must implement SPF, DKIM and DMARC.
DMARC, DKIM, and SPF are three email authentication protocols. Together, they help prevent spammers, phishers, and other unauthorized parties from sending emails on behalf of a domain they do not own.
Sender Policy Framework (SPF) is an email authentication method which ensures the sending mail server is authorized to originate mail from the email sender’s domain. This authentication only applies to the email sender listed in the “envelope from” field during the initial SMTP connection. If the email is bounced, a message is sent to this address, and for downstream transmission it typically appears in the “Return-Path” header. To authenticate the email address which is actually visible to recipients on the “From:” line, other technologies such as DMARC must be used. Forgery of this address is known as email spoofing, and is often used in phishing and email spam.
The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain. Sender Policy Framework is defined in RFC 7208 dated April 2014 as a “proposed standard”.
Tools to check, validate and create SPF entries:
Example DNS entry for SPF
TXT @ v=spf1 include:spf.protection.outlook.com -all
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam.
DKIM allows the receiver to check that an email that claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender’s public key published in the DNS. A valid signature also guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message’s authors and recipients.
DKIM is an Internet Standard. It is defined in RFC 6376, dated September 2011, with updates in RFC 8301 and RFC 8463.
Tools to validate the DKIM entry in your DNS
Example DNS entry for DKIM
TXT smbo0001._domainkey v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAA...
It may also be published as a CNAME:
CNAME selector1._domainkey selector1-aixlab-de._domainkey.schellenbergac.onmicrosoft.com
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing email, email scams and other cyber threat activities.
Once the DMARC DNS entry is published, any receiving email server can authenticate the incoming email based on the instructions published by the domain owner within the DNS entry. If the email passes the authentication, it will be delivered and can be trusted. If the email fails the check, depending on the instructions held within the DMARC record the email could be delivered, quarantined or rejected.
Tools to check, validate and create DMARC entries:
Example DNS entry for DMARC
TXT _dmarc v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s
To indicate to everyone that no email from this domain is valid (the domain sends no mail), publish the following configuration in the DNS:
TXT @ v=spf1 -all
TXT *._domainkey v=DKIM1; p=
TXT _dmarc v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s
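As an added example (not code from this page or from any of the referenced RFCs), the following Python script parses the three record types shown above, applies the DMARC alignment rules selected by adkim=s and aspf=s, and recognizes the "no mail" configuration. The domain names and the SPF/DKIM pass results it is fed are constructed inputs; there is no live DNS lookup.

```python
# Records copied from the page's examples; constructed inputs, no live DNS lookups.
SPF_RECORD = "v=spf1 include:spf.protection.outlook.com -all"
DKIM_RECORD = "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAA..."
DMARC_RECORD = "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s"

def parse_tags(record):
    """Parse 'tag=value; tag=value' syntax (shared by DKIM and DMARC records)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def parse_spf(record):
    """Return (mechanisms, qualifier of the 'all' term); '?' means no 'all' term."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms, default = [], "?"
    for term in terms[1:]:
        qualifier = "+"                      # '+' (pass) is the implicit qualifier
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term.lower() == "all":
            default = qualifier              # '-all' = hard fail for everything else
        else:
            mechanisms.append((qualifier, term))
    return mechanisms, default

def aligned(header_from, auth_domain, mode):
    """DMARC alignment: 's' needs an exact match; 'r' accepts the same organizational
    domain (simplified here to the last two labels; real code uses the Public Suffix List)."""
    if mode == "s":
        return header_from.lower() == auth_domain.lower()
    return header_from.lower().split(".")[-2:] == auth_domain.lower().split(".")[-2:]

def dmarc_result(dmarc, header_from, spf_domain=None, spf_pass=False, dkim_domain=None, dkim_pass=False):
    """'pass' if SPF or DKIM passed with an aligned domain, else the record's p= action."""
    tags = parse_tags(dmarc)
    spf_ok = spf_pass and spf_domain and aligned(header_from, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and dkim_domain and aligned(header_from, dkim_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags.get("p", "none")

def is_no_mail_domain(spf, dkim, dmarc):
    """True when the records match the page's 'this domain sends no email' configuration."""
    mechanisms, default = parse_spf(spf)
    return (not mechanisms and default == "-"
            and parse_tags(dkim).get("p", "") == "" and parse_tags(dmarc).get("p") == "reject")
```

With the strict aspf=s of the page's DMARC record, an SPF pass for bounce.example.com does not cover a From: header of example.com; relaxed alignment (aspf=r) would.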