Articles on: Deliverability

Authentication (what are DKIM, SPF, and DMARC?)

DKIM - a crucial step to validate and ensure your identity as a sender. This process is done by creating two keys, one of them will be private and saved on your sending SMTP server, while the other will be public and saved in the Domain Name System (DNS). More specifically, DKIM is an email security standard that helps detect whether messages are altered in transit between sending and receiving mail servers. It uses public-key cryptography to sign email with a responsible party's private key as it leaves a sending server. Recipient servers then use a public key published to the DKIM's domain to verify the source of the message, and that the parts of the message included in the DKIM signature haven't changed since the message was signed. Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.

SPF - a protocol used by domain owners to prevent spoofing (aka techniques that aim to mislead users into thinking that a message came from a person/company they know or trust to steal their data). By adding an SPF record to your DNS, you can provide a public list of senders that are approved to send email from your domain. Receiving servers can then cross-check that email originated from a server with permission to send on your domain's behalf. This is accomplished by checking the IP addresses listed in your SPF records against the IP address from the email's Return-Path header.

DMARC - or Domain-based Message Authentication, Reporting and Conformance, is a combination of DKIM and SPF standards and reports on its activities. More specifically, it is a standard that prevents spammers from using your domain to send email without your permission — also known as spoofing. With SPF and DKIM, it is up to the ESP to decide what to do with the results. DMARC takes it a step further and gives you full control to set a policy to reject or quarantine emails from sources you do not know or trust, all based on the results of DKIM and SPF. Similar to SPF and DKIM, this policy resides in DNS.

Updated on: 07/22/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!