Spam email messages are distress since email has gained popularity.If an email says it belongs from an email organization, are you sure that it really comes from that organization? This is basically what email authentication is – checks that the domain sender is in control of the sender. By using email authentication protocols, ISPs help protect email users from phishing scams and spammers.When an ISP can not authenticate a sender, the sender may face an additional scrutiny that may filter. Email authentication is an important tool as the email administrator interacts directly with the effects. Email providers like Gmail,Yahoo,Hotmail which messages may be hazardous for users, are difficult and often incorrect. Despite many attempts to create anti-spam tool, we get many unwanted messages every day.Because someone will use our email for unauthorized abuse and fraud. For overcoming this situations we should authenticate email before it reaches the recipient. Email authentication is necessary to avoid losing your reputation or spamming your brand name.If your email administrating needs more control, it’s time to set up your DNS record with SPF & DKIM for your mail server.Enabling these features in DNS will increase the reputation of all emails sent from that account.
What is SPF?
SPF (Sender Policy Framework) is a DNS text entry that displays a list of servers that are allowed to send mail for a particular domain. The fact that the SPF is a DNS entry can be viewed as a means of implementing the fact that the domain is authentic, because only the owner / administrator allowed the main domain to be added and changed. In other words, it identifies you as an email manager with that message and not someone else. SPF defines which IP addresses is used to send emails from your domain.
Example SPF Record, if you are using Google Apps you can set the SPF to
TXT @ v=spf1 a include:_spf.google.com ~all
TXT – DNS zone record type ( SPF are written as TXT )
@ – Represent current domain
v=spf1 – For identifying TXT record as SPF record
a – Represent A record of current Domain
include: – Authorizes mail to sent behalf of the domain from google
all~ – Allow mail whether or not it matches the parameters in the record
The Protection of SPF
When someone sends an email from an IP not listed in your SPF document, it allows the SPF recipient to reject it. Your customer will not receive email, your reputation and brand will continue.
Limitations of SPF
SPF only is not a complete solution for email authentication. Some email irregularities have been lost even after the SPF is fully deployed by an email sender.
The recipient’s system is unlikely to know how much they should rely on the SPF results.
Email Receivers will not be provided by the SPF to provide any feedback to the email sender.
Authenticating deeper email domains in SPF message headers, and is not easily visible to a regular user.
What is DKIM?
The DomainKeys Identify Mail (DKIM) standard created the same reasons as SPF to prevent to mimic you as an email sender. This is a way to sign your emails in a way that the sender’s server verifies whether the sender is actually you or not.
DKIM should replace the content of the messages as reliable, since they did not change the moment they exit the message from the first mail server. This reliability improves by performing a regular public / private key sign process. Once owners of the domain adds a DNS entry with the public DKIM key, it will be used by the resellers to check that the message DKIM signature is correct, the server side will sign the descriptive mail messages using the corresponding private key.
Example DKIM Record
Please note when entering a DKIM record to not use the name of the domain name, but only the name of the key you will be using.
TXT – DNS zone record type ( DKIM are written as TXT )
v=DKIM1 – This means that DKIM version 1 is used.
k=rsa: – “k” tells which Key type is being used. “rsa” is the default Key type
p=MIIBIjA – “p” tells that a Public Key will be designated. In this case “MIIBIjA…” is the Public Key.
The Benefits of DKIM
SPF and DKIM both share the same as an important attribute – the end users do not need to change their behavior. This makes it easy to deploy DKIM and SPF and as a result and are widely adopted. Those who want to authenticate their email are valued at signing DKIM.
Limitations of DKIM
SPF and DKIM are not the complete solution for email authentication. In fact, their limitations make energy for the development of DMARC – the only way to notify email recipients that mails they send to email senders are from them
Along with DKIM and SPF, there is no way to provide reliable means of authenticating how to maintain validity through email. And there is no way for email recipients to notify senders. In addition, based domains are deeply digested in message headers and are easily visible to a common user.
Should I use these methods ?
Of course … but caution. These methods will definitely have a big impact on the war against SPAM, and they will be for more and more domains, and they all become better.
However, even with these methods, Spam is still running multiple accounts of email security, which guarantees a clean and secure email feed, so do the spam, compromised accounts, hosting email servers, and misconfigured servers.To get better email administrators, you must implement all the email authentication standards available to you.