We don’t like spam, and we need help fighting it. That is what this post is about: helping you help all of us who fight spam every day.
Let’s start with the concepts. I promise it’ll be quick:

| | SPF | DKIM | DMARC |
|---|---|---|---|
| What does it stand for? | Sender Policy Framework | DomainKeys Identified Mail | Domain-based Message Authentication, Reporting and Conformance |
| What is it? | A system to declare and verify who can send e-mails from a given domain. | An e-mail authentication system based on asymmetric cryptographic keys. | An e-mail authentication system that helps determine what to do when messages fail SPF or DKIM checks. |
| How does it work? | The receiving host checks whether the sending host is allowed to send e-mails from the sender domain. The information stating who can send e-mails is stored in a TXT record in the DNS zone. | The sending host signs the e-mail body and/or headers with its private key. The receiving host verifies the signature, identifying whether the fields are intact. No digital certificate is required. The public key is published using DNS TXT records. | The receiving host applies the DKIM and SPF checks. Then it validates the results against the published DMARC policy and decides what to do: block, quarantine, deliver, report to sender. The DMARC policy is published via a DNS TXT record. |
| Why is it important? | It helps prevent spoofing and can prevent damage to your brand. | Digitally signing your messages greatly reduces the chances that they are treated as spam. | Helps the receiving organization decide what to do with e-mails that fail checks and creates a feedback loop to allow course correction. |
| Where can I learn more? | Sender Policy Framework | DomainKeys Identified Mail | Domain-based Message Authentication, Reporting & Conformance |
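
To make the "How does it work?" row concrete, the following added example (not code from the original post) parses the three kinds of DNS TXT record and applies a DMARC policy to a failed message. The records are constructed for the placeholder domain example.com, the function names are hypothetical, and the `spf_pass`/`dkim_pass` inputs are assumed to come from checks done elsewhere, including the domain alignment that DMARC requires; the `pct` and `sp` tags are ignored.

```python
# Constructed sample records for the placeholder domain example.com.
SPF_TXT = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"
DKIM_TXT = "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"
DMARC_TXT = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"

def parse_tags(txt):
    """Parse the 'tag=value; tag=value' layout used by DKIM and DMARC records."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_summary(txt):
    """Return (authorized sender terms, qualifier of the 'all' term or None)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    senders, default = [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        if term.lstrip("+-~?").lower() == "all":
            default = qualifier  # '-' = fail, '~' = softfail, '?' = neutral
        else:
            senders.append(term)
    return senders, default

def dmarc_disposition(txt, spf_pass, dkim_pass):
    """Decide what to do with a message, given aligned SPF/DKIM results."""
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if spf_pass or dkim_pass:  # one passing, aligned check is enough
        return "deliver"
    actions = {"none": "deliver", "quarantine": "quarantine", "reject": "block"}
    policy = tags.get("p", "").lower()
    if policy not in actions:
        raise ValueError("missing or unknown DMARC policy")
    return actions[policy]

if __name__ == "__main__":
    print(spf_summary(SPF_TXT))
    print(parse_tags(DKIM_TXT)["k"])
    print(dmarc_disposition(DMARC_TXT, spf_pass=False, dkim_pass=False))
    print("reports go to:", parse_tags(DMARC_TXT).get("rua"))
```

With `p=none` a failing message is still delivered; the receiver only reports it to the `rua` address, which is the feedback loop described in the table.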