DMARC, SPF and DKIM ensuring better cyber security

We give you an overview of the features associated with your email and explain the collaboration that ensures spam and phishing don't end up in your inbox.

24-01-2023 - 6 minute read. Posted in: awareness.

Here we provide an overview of the essential tools: DMARC, DKIM and SPF. All three tools are incorporated into your email and they work together to create a secure environment in your inbox.

DMARC: The net that catches phishing

DMARC is short for Domain-based Message Authentication, Reporting and Conformance. It is simply a security standard implemented in your email server that prevents fake emails from reaching the recipient. This could include phishing emails and emails that have been tampered with before reaching the recipient.

There are many different factors that come into play when DMARC sorts and detects fake emails. These include:

  • The number of special characters.
  • The content of the email and whether there are specific keywords in the subject field.
  • The ratio of image to text in the email.
  • Unsubscribe links, if the email comes from a company; these could be newsletters, for example.
  • Whether the sender has communicated with you in the past or if it is a new contact in your inbox.

DMARC also makes sure to check if there are other users who have reported a sender for phishing or spam, just to see if it is a potential hacker. The email and sender are thus assessed to determine which folder the email should end up in; if it is a real email and sender, it goes straight to your inbox. If it looks more suspicious, it will either end up in your spam filter, or the email and recipient will be rejected altogether and you will not receive the email.

DMARC is a free service that is incorporated into your email. This helps in the fight against the number of hacker attacks and phishing emails that are sent out - and thus the number of users who fall into the phishing trap.

DMARC is a feature based on DKIM and SPF which we review below. The three features work together to create the best cyber security in your email inbox and when sending emails to others.

DMARC can identify both you and the recipient, as well as check for misused domains. It cross-checks the information about the email - here SPF and DKIM form an additional safety net in this process.

You can also read more about DMARC in our post that goes into more depth about the feature.

DKIM: Domain Name Verification

DKIM is short for DomainKey Identified Mail and is a feature that authenticates emails. When DKIM is active in your email, it will add a digital signature, thus verifying the emails you send out. So recipients can know that you are a real person and that it is safe to open and read your emails.

The recipient also has a DMARC attached to their email, which means that your digital signature, and their digital signature, communicate and can then verify each other. The digital signature is invisible to both, but it's incorporated into DKIM and is a security measure that ensures you can be sure of each other's credentials.

DKIM, like DMARC and SPF, is a free feature usually pre-installed in your email, otherwise you can easily install it yourself. It is a security layer that ensures you only receive emails from people who are genuine.

In short, DKIM creates an MTA (Mail Transfer Agent) that is stored in a domain. It is then matched with a public key registered with the DNS (Domain Name System). The digital signature created by DKIM decrypts the unique chain created by the MTA. Here, the value is examined, and thus checked to see if it is a legitimate domain.

It should be mentioned that DKIM verifies domain names and not email addresses per se; you can read our in-depth article on DKIM.

SPF: Validation of email servers

SPF is short for Sender Policy Framework, which is also a function that validates the email server. It stops spam from ending up in your inbox, thus reducing the risk of you clicking on a phishing email.

Like DKIM, SPF validates your email domain name, ensuring that you are a legitimate sender, so the recipient knows they can open and read your email. SPF, as well as DMARC, uses a DNS (Domain Name System) to validate email addresses. SPF has hostname and IP address data that together verify domain names - while catching spam and phishing before it gets to you.

SPF can recognise domains and hostnames, which helps ensure an email's legitimacy. It identifies servers and domains that are authorised to send emails to users. So if an email is not approved by SPF, or if errors are reported on it, the email will not be sent to the recipient.

However, SPF has its limitations, which is also why the three features should ideally work together on your email server. SPF verifies emails and domain names, but it cannot do this on forwarded emails. Therefore, a hacker could in principle send an email to a collaborator and forward it to bypass SPF's security net.

SPF also supports anti-spam software which is used on various messaging platforms (such as Messenger and Trustpilot), in addition to email. So there are many MTAs that transfer electronic messages between devices, and this is also supported by SPF.

You can learn more about SPF in our separate blog post.

Cooperation between the three security functions

So the basic engine of the trifecta of security layers is DMARC - it needs to have emails and domain names authenticated by either DKIM or SPF; optimally both of them to increase your email and inbox security. The approval must be done before the email can be forwarded to DMARC.

Next, the header information in the email and the domain name must match with Domain Alignment. This must match one of the two validation features that are in your email account (SPF or DKIM).

Thus, if DKIM fails an email or user where SPF validates it, Domain Alignment must make a match with SPF in order for DMARC to eventually validate the user and email. And if Domain Alignment can't make a match, it will be reported as an error and go to the spam filter, or the email won't reach the recipient.
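The decision described in this section can be written out as a short function. This is an added example, not part of the original article; the function names, the sample domains and the results fed in are constructed, and the organisational-domain helper is a naive stand-in for a Public Suffix List lookup.

```python
# Added illustration; domains and results below are constructed sample values.
DISPOSITION = {"none": "deliver", "quarantine": "spam folder", "reject": "reject"}

def org_domain(domain):
    """Naive organisational domain: the last two labels.
    Assumption: real implementations use the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode="r"):
    """Relaxed ("r") compares organisational domains; strict ("s") needs an exact match."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_evaluate(from_domain, spf, dkim, policy="none", aspf="r", adkim="r"):
    """spf and dkim are (result, authenticated_domain) pairs from the earlier checks.
    Returns (dmarc_result, what the receiver does under the published policy)."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, aspf)
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, adkim)
    if spf_ok or dkim_ok:            # one aligned pass is enough
        return "pass", "deliver"     # simplification: other spam filtering may still apply
    return "fail", DISPOSITION[policy]

# Constructed cases: (description, From domain, SPF, DKIM, published policy)
CASES = [
    ("DKIM fails, SPF passes and aligns", "example.com",
     ("pass", "bounce.example.com"), ("fail", "example.com"), "reject"),
    ("SPF passes, but for a domain other than the From domain", "example.com",
     ("pass", "mailer.example.net"), ("none", ""), "reject"),
    ("Forwarded: SPF fails, DKIM signature survives", "example.com",
     ("fail", "example.com"), ("pass", "example.com"), "quarantine"),
]

def run_cases():
    """Evaluate every constructed case and return (description, result, action) rows."""
    return [(desc, *dmarc_evaluate(frm, spf, dkim, policy))
            for desc, frm, spf, dkim, policy in CASES]

if __name__ == "__main__":
    for row in run_cases():
        print(row)
```

The second case shows why the alignment step exists: an SPF pass counts for DMARC only when the authenticated domain matches the domain shown in the From header.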

So it's a filtered system that domain names and emails have to go through before they reach the recipient. This ensures better cybersecurity, both for you sending the email, but also for those receiving it. By doing this, you'll optimise your email behaviour as well as improve your awareness training.

Author Caroline Preisler

Caroline is a copywriter here at Moxso beside her education. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding - these elements are incorporated into the copywriting work she does here at Moxso.
