Spam has been an ongoing and persistent problem since the inception of the internet. Gary Thuerk of Digital Equipment Corp (DEC) sent the first unsolicited mass emailing (later dubbed SPAM) on May 1, 1978, advertising the VAX T-series to 400 of the then 2600 ARPAnet users.
The SMTP email protocol that we use today evolved from the early ARPANET mail protocols (Postel's RFC 788 and RFC 821). It was developed in the 1980s and has not changed much since. Since its inception, the SMTP protocol has been largely unsecured. It is also vulnerable to spoofing of email servers or email addresses. To protect against these threats, several new tools have been added to the email security toolbox.
SPF, DKIM and DMARC all have similar features to detect spam or spoofed emails. However, they differ slightly.
SPF (RFC 7208)
SPF (Sender Policy Framework) is a list, published as a DNS entry, that specifies which servers are allowed to send email for a specific domain. It is secured by the fact that only authorized domain administrators have access to the DNS zone records of the domain.
DKIM (RFC 6376)
DKIM (DomainKeys Identified Mail) is different from SPF because it verifies that the sending server is allowed to send mail for the domain. It also confirms that the mail content has not changed since the time it was sent. DKIM keys are stored in DNS. DKIM uses a public/private key signature mechanism.
These steps apply to DKIM's email process:
- Sending servers create signatures with their DKIM private key and insert them into the email header (DKIM-Signature).
- Email recipients search for the DKIM public keys in the DNS TXT record of the sending domain. This key is used to verify the DKIM Signature attached to the email.
Modifying the email body content will cause the signature to fail validation.
A valid signature confirms that the email content was not altered and that it was sent from an approved domain server.
DMARC (RFC 7489)
DMARC (Domain-based Message Authentication, Reporting and Conformance) combines elements of both DKIM and SPF. It allows the domain administrator to publish a DMARC policy that applies to both tools. The domain administrator can also specify an address to which receivers submit statistics about forged email they have seen for the domain. These reports show:
- The relative levels of spoofing on your domain.
- Who is spoofing emails purporting to be from your domain.
Does that mean your spam problem has been solved?
In an ideal world, these techniques would be used by all email servers, which would greatly reduce SPAM. However, some domain owners are reluctant to use these methods because they might lose important emails if they make a mistake with the DNS TXT records.
However, these methods have been adopted by major email domain owners like Yahoo, Microsoft, and Google.
SPAM can still be transmitted through compromised accounts and servers, shared hosting email servers, and misconfigured servers. Multilevel email protection is the best way to ensure safe and clean email feeds.
How effective are DMARC, SPF and DKIM?
These tools will significantly impact the SPAM fight, and the more domains using them, the better. Be cautious when implementing these tools. Before you go live with DMARC, make sure that you have checked all settings. SPF allows you to test the settings in a test mode, which means that any mail that fails the test will still be allowed through.
Published by nimisha rawat