What are DMARC, DKIM, and SPF and how to set them up


What are they?

DMARC, DKIM, and SPF are three email authentication mechanisms that help prevent email misuse, such as phishing or spoofing. Here is a simple explanation for each:

SPF (Sender Policy Framework)

  • It is a list of servers that are authorized to send emails on behalf of a domain.
  • When a server receives an email, it checks if the sending server is on the list authorized by the sender’s domain. If it is not, it can consider it suspicious.

DKIM (DomainKeys Identified Mail)

  • It works by adding a unique digital signature to the email.
  • The receiving server can use this signature to verify that the message has not been altered during its transit and that it comes from a legitimate source.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

  • It acts as an additional layer that uses both SPF and DKIM to authenticate emails.
  • It allows the domain owner to tell email servers what to do if a message does not pass SPF or DKIM validations (for example, mark it as spam or reject it).
  • Additionally, DMARC enables receiving reports about fraudulent emails that attempt to impersonate the domain.

How to configure them?

SPF, DKIM, and DMARC are configured through the DNS records of the domain associated with the emails. Here is how each is configured in the DNS:

SPF (Sender Policy Framework)

  • It is configured using a TXT record in the domain’s DNS.
  • This record contains a list of servers authorized to send emails on behalf of your domain.

Example of an SPF record:

v=spf1 include:email-server.com ~all

DKIM (DomainKeys Identified Mail)

  • It is also configured with a TXT record.
  • For DKIM, you need to generate a key pair and publish the public key in the domain’s DNS. The private key stays on the mail server, which uses it to sign the messages.

Example of a DKIM record:

default._domainkey.yourdomain.com TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqG..."

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

  • It is configured using a TXT record in the domain’s DNS, like the others.
  • The DMARC record defines the policies for handling emails that do not pass SPF or DKIM validations, and it can include addresses to receive reports.

Example of a DMARC record:

_dmarc.yourdomain.com IN TXT "v=DMARC1; p=quarantine; rua=mailto:reports@yourdomain.com"
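
The following Python audit is an added example, not code from the original article. It checks the text of the three kinds of record shown above for common misconfigurations; the function names and the sample records are constructed for illustration.

```python
import re

# Terms that cost one DNS lookup each; RFC 7208 allows at most 10 per SPF check.
LOOKUP = re.compile(r"[+\-~?]?(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))", re.I)

def parse_tags(txt):
    """Split the 'tag=value; tag=value' syntax used by DKIM and DMARC records."""
    pairs = (part.partition("=") for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, _, v in pairs}

def audit_spf(apex_txt):
    """apex_txt: every TXT string published at the domain itself."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"need exactly one SPF record, found {len(spf)}"]
    terms, out = spf[0].split()[1:], []
    alls = [t for t in terms if t.lower().lstrip("+-~?") == "all"]
    if not alls and not any(t.lower().startswith("redirect=") for t in terms):
        out.append("no 'all' term: unlisted servers get a neutral result")
    elif alls and alls[0][0] not in "-~":
        out.append(f"'{alls[0]}' does not fail unlisted servers")
    if sum(bool(LOOKUP.match(t)) for t in terms) > 10:
        out.append("more than 10 DNS-lookup terms: receivers return permerror")
    return out

def audit_dkim(txt):
    tags = parse_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["v= must be DKIM1"]
    if "p" not in tags:
        return ["no p= tag: record holds no public key"]
    return [] if tags["p"] else ["empty p=: this selector's key is revoked"]

def audit_dmarc(txt):
    tags, out = parse_tags(txt), []
    policy = tags.get("p", "").lower()
    if not txt.strip().lower().startswith("v=dmarc1"):
        return ["record must start with v=DMARC1"]
    if policy not in ("none", "quarantine", "reject"):
        return ["p= missing or invalid"]
    if policy == "none":
        out.append("p=none: monitoring only, failing mail is still delivered")
    if "rua" not in tags:
        out.append("no rua=: no aggregate reports will arrive")
    if tags.get("pct", "100") != "100":
        out.append(f"pct={tags['pct']}: policy applies to only part of the mail")
    return out

if __name__ == "__main__":  # constructed records modelled on the article's examples
    print(audit_spf(["v=spf1 include:email-server.com +all"]),
          audit_dmarc("v=DMARC1; p=none"))
```

An empty list means none of these checks fired; it does not prove that the record is published at the right DNS name or that the listed servers are the right ones.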

In summary:

  • SPF controls who can send emails on behalf of your domain.
  • DKIM verifies the integrity of the message.
  • DMARC combines both to set policies and obtain activity reports.

All these mechanisms are implemented by adding TXT records in the DNS of the domain associated with the emails. These records help authenticate the emails sent from your domain and protect it from impersonation attempts.

Carlos Pérez

Digital manager, tech lead, product designer, full stack engineer, web and app developer, SEO, digital marketing, automation and AI expert.
