Email authentication

  • Post
    Weekend Wiki
    General Administrator
    Email authentication helps to verify that the sender of an email is legitimate and prevents malicious actors from impersonating trusted senders. This is done using several techniques that help verify the origin of an email and ensure its authenticity. Here’s how the commonly used email authentication methods work:

    1. SPF (Sender Policy Framework)

    • What it does: SPF is used to verify that the sender’s IP address is authorized to send emails on behalf of the domain in the “From” field.
    • How it works:
      • The domain owner publishes an SPF record in the DNS (Domain Name System) of their domain. This record lists the authorized mail servers (IP addresses) that are allowed to send emails on behalf of the domain.
      • When an email is received, the recipient mail server checks the SPF record for the domain in the “From” field.
      • If the sending IP address matches one of the authorized servers listed in the SPF record, the email is considered legitimate. Otherwise, it may be marked as spam or rejected.

    Example: If the domain example.com publishes an SPF record like:

    v=spf1 ip4:192.168.1.1 include:anotherdomain.com ~all
    

    It means that the IP address 192.168.1.1 and the servers authorized by anotherdomain.com's SPF record are allowed to send emails on behalf of example.com.

    2. DKIM (DomainKeys Identified Mail)

    • What it does: DKIM ensures that the contents of an email (its body and attachments) haven’t been altered in transit, and it also verifies the authenticity of the sender.
    • How it works:
      • The sender’s mail server generates a cryptographic signature for each email it sends, using a private key. This signature is added as a DKIM-Signature header in the email.
      • The domain owner publishes the public key in the DNS.
      • When the recipient’s mail server receives the email, it retrieves the public key from DNS and uses it to verify that the signature in the email header matches the email’s contents.
      • If the signature is valid, it proves that the email hasn’t been tampered with and that it was sent by the domain in the “From” field.

    Example: A DKIM signature might look like this:

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=selector1; t=1600000000; bh=Z2V0dGVzdC1tZXNzYWdl; b=...
    

    This signature allows the recipient’s mail server to verify the authenticity and integrity of the email.

    3. DMARC (Domain-based Message Authentication, Reporting & Conformance)

    • What it does: DMARC builds on SPF and DKIM by enabling domain owners to specify how email receivers should handle emails that fail authentication. It also provides a way for domain owners to receive reports about email authentication results.
    • How it works:
      • The domain owner publishes a DMARC policy in their DNS record. This policy specifies what should happen if an email fails SPF or DKIM checks (e.g., reject, quarantine, or do nothing).
      • DMARC also allows the domain owner to request aggregate and forensic reports about the authentication status of emails sent from their domain.
      • When a receiving mail server receives an email, it checks if the email passes either SPF or DKIM authentication. If it fails both and doesn’t align with the domain’s DMARC policy, the server will take action based on the policy (reject, quarantine, or accept).

    Example: A DMARC record might look like this:

    v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; pct=100
    

    This means that if emails fail DMARC checks, they should be rejected, and reports should be sent to the provided email addresses.


    How They Work Together:

    • SPF authenticates the sender’s IP address.
    • DKIM ensures the email’s integrity and verifies that it was sent by the domain owner.
    • DMARC ties these two together by enforcing policies and providing reporting mechanisms.

    By using SPF, DKIM, and DMARC together, email domains can effectively prevent spoofing (where an attacker impersonates a trusted domain) and phishing attacks, ensuring that recipients can trust the emails they receive. These technologies enhance overall email security, reduce the likelihood of fraudulent emails, and improve sender reputation.
