SPF, DKIM, DMARC

Revision as of 12:26, 2 January 2018 by Wiki (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Once upon a time there were no spammers. SMTP servers were open to anyone, and validity of the sender information was not checked. People could forge sender's address just as easy as on a snail-mail envelope.

In 2001 first spammers appeared; that time their emails (mostly about genitalia enlargement) seemed unusual and funny. Nowadays it is no more fun: most of email sent is just spam and phishing. To limit spam, the following measures are taken:

  • No more open SMTP servers: unauthorized users can not send email.
  • SPF DNS records: domain owner may specify SMTP servers allowed to send emails from it.
  • DKIM public keys in the DNS records: every email is electronically signed, and target domains may check if an email has really been sent by the sender.
  • DMARC DNS records: domain may specify that any email that is sent from any hosts not allowed by the SPF record must be rejected.

It is essential that an email relay service supports all of these anti-spam features. Emails that do not support these technologies have higher probability to be classified as spam.

One can easily distinguish properly configured SMTP server by looking onto headers of an email. For example in gmail this is done by choosing the "Show Original" menu item.

For an email sent by a properly configured (e.g., FedEx) server one can see that all three technologies are supported:
Headers of an email sent by FedEx.
As a well-established company, FedEx sends all emails from its web site fedex.com; it also supports modern anti-spam technologies: SPF, DKIM, and DMARC.

Compare this with another email ended up in the Spam folder:
Headers of a spam.
Anti-spam technologies are unsupported in this email.

For our clients we configure email addresses name@yoursite.com; email is sent and received using SMTP and IMAP protocols, and all three anti-spam technologies are supported.