Sender Policy Framework (SPF).
Publishes a list of
servers that are authorised to send email on behalf of a domain. SPF is akin to
path based authentication.
Domain Keys Identified Mail (DKIM).
A tamper proof
domain seal to an email. DKIM is akin to signature based authentication.
Domain-based Message Authentication, Reporting and
Conformance (DMARC).
Creates a link
between a domain and an email, and validates SPF and DKIM authenticated headers
match the from header domain. DMARC
builds upon SPF and DKIM authentication. Anyone can buy a domain and put SPF
and DKIM in place. However DMARC closes off this problem by checking the SPF
and DKIM authenticated headers ALSO match the domain found in the from
header. This is termed 'Identifier
Alignment'.
Once an
email domain owner is confident that they’ve deployed SPF and DKIM across all
of their email streams, the domain owner can then tell the world to act against
email that is not compliant with DMARC.
Not just gentlemanly but ensures brand protection and effective email
delivery (by helping to prevent SPAM filter false positives).
DMARC is
a freely available technical specification. DMARC records are published with
DNS Domain.
Examples of DMARC Matching
From:
rich.com SPF: rich.com DKIM: (none) DMARC Match? Yes
From:
rich.com SPF: paul.rich.com DKIM: (none) DMARC Match? Yes
From:
rich.com SPF: richierich.com DKIM: (none) DMARC Match? No
From:
rich.com SPF: richierich.com DKIM: rich.com DMARC Match? Yes
From:
rich.com SPF: paul.rich.com DKIM: paul.rich.com DMARC Match? Yes
From:
rich.com SPF: tealeaf.com DKIM: crook.com DMARC Match?: No
From:
rich.com SPF: r1ch.com DKIM: (none) DMARC Match?: No