SPF, DKIM, and DMARC

-

  SPFDKIM, and DMARC are key tools in email authentication. They work together to help prevent email spoofingphishing, and spam, making sure emails really come from who they claim to come from.

Let’s break them down in simple terms:

✅ SPF – Sender Policy Framework

What it does:
Verifies whether an email is sent from an authorized server for a domain.

How it works:

  • Your domain publishes a list of IPs/servers allowed to send email (in a DNS TXT record).

  • When an email arrives, the receiving mail server checks:
    ➜ “Is this server allowed to send mail for this domain?”

Example:
Your domain is example.com. You allow Microsoft 365 to send emails on your behalf. You publish an SPF record like:

ini
v=spf1 include:spf.protection.outlook.com -all


Increase domain reputation
Recipent server trust your email.

SPF is added as a TXT record.

✉️ DKIM – DomainKeys Identified Mail

What it does:
Adds a digital signature to the email to prove it hasn’t been tampered with and really comes from your domain.

How it works:

  • Your mail server signs outgoing emails with a private key.

  • Receivers use your public key (published in your domain’s DNS) to verify the signature.

This proves:
✔ The email content wasn’t altered
✔ It really came from your domain

DKIM does not encrypt the email concepts.

DKIM is added as CNAME record.

🛡️ DMARC – Domain-based Message Authentication, Reporting & Conformance

What it does:
Builds on SPF and DKIM to tell receiving servers what to do if an email fails those checks.

How it works:

  • You publish a DMARC policy in DNS:

    • none (monitor only)

    • quarantine (send to spam)

    • reject (block the message)

  • You can also get reports about who’s sending email using your domain (including fraudsters!)

Example DMARC record:

ini
v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; sp=reject


demarc ADDED AS txt RECORD

🔄 How They Work Together:

  1. SPF checks the sending server.

  2. DKIM verifies the integrity and authenticity.

  3. DMARC ties them together and enforces a policy.

🔐 Why Use Them?

  • Protects your brand from being spoofed

  • Reduces phishing attacks

  • Improves email deliverability

  • Helps emails avoid the spam folder

Popular posts from this blog

Autodiscover

-
  "Autodiscovery" (or  Autodiscover , more precisely in Microsoft terms) is a service that automatically configures email clients, mainly Outlook, to connect to mailboxes without users having to enter all the settings manually. 💡  What is Autodiscover? Autodiscover  is a Microsoft Exchange service that provides configuration information to email clients (like Outlook or mobile devices) so they can set themselves up with minimal user input. 🔧  What Does Autodiscover Do? When a user enters just their  email address and password , Autodiscover helps the client automatically find: Mail server addresses (Exchange or Microsoft 365) Mailbox settings Calendar and contact URLs Offline address book (OAB) settings Outlook Anywhere settings Unified Messaging (if used) Internal and external URLs 🧠  How It Works (Simplified Flow): User opens Outlook and enters their email address + password. Outlook sends a request to the  Autodiscover service : Tries a few ...
Read more

Azure Active Directory (Azure AD)

-
  Azure Active Directory (Azure AD)  is Microsoft’s  cloud-based identity and access management service , which is the cloud counterpart to the traditional  on-premises Active Directory (AD) . While  Active Directory (AD)  is designed for managing users, groups, and devices within an organization's  internal network ,  Azure AD  extends this functionality to manage identities across cloud-based resources, applications, and services. Azure AD helps organizations manage user access to cloud services (like  Office 365 ,  Azure services ,  third-party apps , etc.) and provides features like  Single Sign-On (SSO) ,  Multi-Factor Authentication (MFA) , and more — all while maintaining security and compliance in the cloud. Key Differences Between Active Directory (AD) and Azure Active Directory (Azure AD): Deployment Location : AD  is  on-premises , running in an organization's internal network. Azure AD  is...
Read more

Active Directory (AD)

-
   Active Directory (AD)  is a  directory service  developed by Microsoft to manage and organize a network's resources, such as users, computers, printers, and other devices. It’s a central component in managing permissions, security, and access control across the entire network. AD allows admins to control who can access what within the network and apply policies and settings consistently. Here’s a more detailed breakdown of  Active Directory : Key Features of Active Directory: Directory Service : It acts as a  centralized database  for storing and managing directory information (like users, computers, groups, and resources). It uses  LDAP (Lightweight Directory Access Protocol)  for communication between client machines and the server. User Authentication and Authorization : Active Directory ensures  only authorized users  and  computers  can access the network resources. It enforces  user policies  (like ...
Read more