You might already know that ‘SPF’ means protection, but chances are that you’re thinking of sun protection and sunscreen! The term SPF is also highly relevant to you and your digital communications, and how you can protect them.
Before getting into SPF, we have to understand email authentication. Email authentication is a set of protocols and standards that are used by service providers to verify the identity of the sender of an email. There are three key protocols here: SPF, DKIM and DMARC.
In this article we deep dive into SPF, DKIM and DMARC as they relate to your cyber security, emails and communications.
Why is email authentication important?
As with most things related to cyber security, prevention is cheaper and simpler than a cure. And implementing email authentication is important for businesses like yours because it helps to prevent email fraud and phishing attacks before they can even get in a position to threaten your systems and data.
By verifying the identity of the sender, email authentication can help to ensure that emails are not tampered with, and can help to prevent malicious emails from reaching company inboxes in the first place.
In addition to preventing fraud and phishing attacks, implementing email authentication can also help to ensure your outbound emails land in the inboxes of the intended recipients. This is because, by establishing a trusted identity, businesses improve their email reputation and reduce the likelihood that their emails will be marked as spam or blocked by email filters.
What is SPF and how does it work?
As we touched on earlier, Sender Policy Framework (SPF) is an email authentication protocol. It means that email recipients can verify that the sender of an email is authorised to send messages on behalf of a particular domain. SPF works by allowing domain owners to publish, in their domain’s DNS, a list of IP addresses that are authorised to send emails on behalf of their domain (the SPF record).
It’s somewhat similar to being able to see the phone number of an incoming call on your phone. If it’s a local area code at the beginning, you are more likely to accept the call. However, if the numbers indicate that the call is coming from Romania or Peru (and you don’t have family or friends there!) you might not pick up. SPF does this filtering process for email automatically, only allowing trusted IP addresses associated with certain domains through.
If the IP address is authorised, the email is delivered as usual. If the IP address is not authorised, the email may be marked as spam or rejected altogether. As a result, SPF is an effective way to prevent email fraud and phishing attacks, as it makes it more difficult for attackers to spoof the sender of an email.
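The check described above, as an added worked example that is not part of the original article: a small SPF evaluator in Python. It reads an SPF record from a constructed in-memory table that stands in for DNS TXT lookups (the records, IP ranges and domain names are made up for the example and use reserved documentation ranges), then decides whether a connecting IP address is allowed to send for the domain. It supports the ip4, ip6, include and all terms with their qualifiers; the a, mx and exists mechanisms need live DNS and are treated as non-matching here.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups: these are not real records, and
# the names and addresses are reserved documentation values (RFC 2606 / 5737).
FAKE_DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.7 ip6:2001:db8::/32 ~all",
}

# Mechanism qualifiers from RFC 7208; "+" is the default when none is written.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the SPF record for a domain, or None if it publishes none."""
    record = FAKE_DNS_TXT.get(domain.lower())
    if record is None or record.split()[0] != "v=spf1":
        return None
    return record


def check_spf(sender_ip, domain, depth=0):
    """Evaluate the sending IP against the domain's SPF record.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Only ip4, ip6, include and all are supported; a, mx and exists
    would need live DNS and are treated as non-matching here.
    """
    if depth > 10:  # RFC 7208 limits DNS-querying terms to 10 per check
        return "permerror"
    record = lookup_spf(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        name, _, arg = term.partition(":")
        if name in ("ip4", "ip6"):
            # ip_network handles both families; an address of the other
            # family is never "in" the network, so no version check is needed.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include: only matches when the referenced record returns pass.
            if check_spf(sender_ip, arg, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"  # record ended without an 'all' term


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "2001:db8::1", "203.0.113.5"):
        print(ip, "->", check_spf(ip, "example.com"))
```

Running it shows the four outcomes a receiving server acts on: the two addresses listed directly or via include pass, the IPv6 address passes through the included record, and the unknown address hits "-all" and fails. The same record with "~all" would return softfail, which most receivers treat as "accept but mark as suspicious" rather than reject.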
What are the limitations of SPF?
SPF is a useful tool for authenticating emails and reducing spam and phishing but it does have some limitations that businesses should be aware of.
The first limitation of SPF is that it only checks the envelope sender (the ‘Return-Path’ or ‘MAIL FROM’ address used during delivery) and not the message contents. This means that SPF cannot verify the authenticity of the message itself or the message headers, such as the From or Reply-To fields that the recipient actually sees. As a result, SPF alone may not be enough to protect against all types of email fraud and phishing attacks.
A second limitation of SPF is that it can be bypassed by attackers who use email spoofing techniques. This involves forging the ‘From’ or ‘Reply-To’ fields of an email, which SPF does not check. In these cases, the attacker may send from a domain that has published a valid SPF record, so the SPF check passes, while the ‘From’ field shows a legitimate domain that the attacker is not authorised to use. SPF alone cannot prevent these types of attacks. To address these weak spots, an additional email authentication tool like DKIM needs to be used.
What is DKIM and what are the benefits of DKIM?
DKIM, which stands for DomainKeys Identified Mail, is an email authentication protocol that helps to verify the authenticity of an email message. It works by allowing the receiver to check that the message was sent by a trusted sender and that the message contents have not been tampered with during transmission.
DKIM works by adding a digital signature to the header of the email message using a private key that is owned and controlled by the domain owner. The matching public key is published in the domain’s DNS (under a ‘selector’ name chosen by the domain owner), so the recipient’s email server can fetch it and use it to verify the embedded digital signature and authenticate the message.
When an email message arrives at the recipient’s mail server, the server looks up the public key and uses it to verify the signature in the email header. If the signature is valid, this indicates that the signed headers and body were not tampered with during transmission and that the message was signed by the holder of the domain’s private key.
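An added example, not code from the article, of the part of DKIM that the signature protects. The signer canonicalises the body and hashes it into the bh= tag, canonicalises the chosen headers, and then signs that material with the domain’s private RSA key; the verifier recomputes the body hash from what actually arrived and compares it to bh= before checking the signature. The block below implements the canonicalisation and body hash from RFC 6376 with the standard library only; the RSA signature over the output of signing_input() needs an RSA library and is left out (an assumption of this example, not a DKIM design choice). The domain, selector and message text are constructed sample values.

```python
import base64
import hashlib
import re


def canonicalize_body_simple(body):
    """DKIM 'simple' body canonicalization (RFC 6376 section 3.4.3):
    CRLF line endings, all trailing empty lines removed, exactly one
    CRLF at the end. An empty body canonicalizes to a single CRLF."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while body.endswith("\r\n"):
        body = body[:-2]
    return body + "\r\n"


def canonicalize_header_relaxed(name, value):
    """DKIM 'relaxed' header canonicalization (RFC 6376 section 3.4.2):
    lowercase name, folded lines unfolded, whitespace runs collapsed."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)     # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim whitespace
    return f"{name.lower()}:{value}\r\n"


def body_hash(body):
    """The bh= tag: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canonicalize_body_simple(body).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_dkim_header(domain, selector, headers, body):
    """Value of the DKIM-Signature header with an empty b= tag. The signer
    fills b= with an RSA signature over signing_input(); that step is not
    shown here (assumption for this example)."""
    signed_names = ":".join(name.lower() for name, _ in headers)
    return ("v=1; a=rsa-sha256; c=relaxed/simple; "
            f"d={domain}; s={selector}; h={signed_names}; "
            f"bh={body_hash(body)}; b=")


def signing_input(headers, dkim_value):
    """Bytes the signature covers: the signed headers in relaxed form,
    then the DKIM-Signature header itself with b= empty and no final CRLF."""
    data = "".join(canonicalize_header_relaxed(n, v) for n, v in headers)
    data += canonicalize_header_relaxed("DKIM-Signature", dkim_value).rstrip("\r\n")
    return data.encode("utf-8")


def body_hash_matches(dkim_value, body):
    """Verifier-side check: recompute bh= from the received body."""
    match = re.search(r"(?:^|;)\s*bh=([^;]+)", dkim_value)
    return match is not None and match.group(1).strip() == body_hash(body)


if __name__ == "__main__":
    # Constructed sample message; example.com and the selector are placeholders.
    headers = [("From", "Alice <alice@example.com>"), ("Subject", "Invoice  42")]
    body = "Please find the invoice attached.\n"
    dkim = build_dkim_header("example.com", "sel2024", headers, body)
    print("DKIM-Signature:", dkim)
    print("original body matches bh=:", body_hash_matches(dkim, body))
    print("edited body matches bh=:  ", body_hash_matches(dkim, body + "Pay to a new account.\n"))
```

The second print shows the property DKIM gives you: any change to the body after signing, even appended text, produces a different bh= and the verification fails before the signature is even checked. Note also that the relaxed canonicalisation makes the hash tolerant of harmless transport changes such as re-folded header lines or extra trailing blank lines, which is why those do not break signatures in transit.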
Benefits to implementing DKIM include:
Many layers of protection
If it’s a really cold day and you’re going to be spending time outdoors, you’re unlikely to just grab a jumper. You’ll probably want to get a decent base layer (thermals), thick socks and even a beanie to go with that jumper. Multiple layers of complementary tools help to give a broader level of protection. It’s the same with these email protection tools.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that is designed to give domain owners control over how their email messages are handled by receiving mail servers.
Like those cold weather layers, DMARC builds on top of SPF and DKIM to provide an additional layer of protection against email-based attacks such as phishing and email spoofing.
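How DMARC ties the layers together, as an added example that is not part of the original article. It also shows the SPF limitation described earlier (an SPF pass on the attacker’s own envelope domain while the visible From claims someone else’s domain). DMARC takes the SPF and DKIM results, checks that the domain each one authenticated is aligned with the header From domain, and if neither is, applies the policy (p=none, quarantine or reject) from the domain owner’s DMARC record. The DMARC records below live in a constructed in-memory table standing in for the _dmarc.<domain> DNS lookup, and org_domain() is a deliberate simplification of the Public Suffix List logic (assumption noted in the code).

```python
# Constructed stand-in for _dmarc.<domain> TXT lookups; not real records.
FAKE_DMARC_TXT = {
    "example.com": "v=DMARC1; p=reject; adkim=r; aspf=s; rua=mailto:dmarc@example.com",
    "example.org": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
}


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; ...' into a dict of lowercase tags."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def org_domain(domain):
    """Organizational domain, simplified to the last two labels. Real DMARC
    uses the Public Suffix List, so this is an assumption that holds for
    names like example.com but not for e.g. example.co.uk."""
    return ".".join(domain.lower().split(".")[-2:])


def lookup_dmarc(from_domain):
    """Receivers query _dmarc.<From domain>, then fall back to the
    organizational domain (RFC 7489 section 6.6.3)."""
    record = FAKE_DMARC_TXT.get(from_domain.lower())
    if record is None:
        record = FAKE_DMARC_TXT.get(org_domain(from_domain))
    return record


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed
    ('r') accepts any subdomain of the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate_dmarc(from_domain, spf_result, envelope_domain, dkim_result, dkim_domain):
    """Combine SPF and DKIM results with alignment against the header From
    domain; return the DMARC result and the disposition the policy asks for."""
    record = lookup_dmarc(from_domain)
    if record is None:
        return {"dmarc": "none", "disposition": "none"}
    tags = parse_dmarc(record)
    spf_aligned = (spf_result == "pass"
                   and aligned(envelope_domain, from_domain, tags.get("aspf", "r")))
    dkim_aligned = (dkim_result == "pass" and dkim_domain is not None
                    and aligned(dkim_domain, from_domain, tags.get("adkim", "r")))
    if spf_aligned or dkim_aligned:
        return {"dmarc": "pass", "disposition": "none"}
    return {"dmarc": "fail", "disposition": tags.get("p", "none")}


if __name__ == "__main__":
    # Spoof attempt: SPF passes for the attacker's own envelope domain, but the
    # header From claims example.com, so nothing is aligned and p=reject applies.
    print(evaluate_dmarc("example.com", "pass", "attacker.example", "none", None))
    # Legitimate mail: the bounce address is on a subdomain, which fails strict
    # SPF alignment (aspf=s), but the DKIM signature with d=example.com is aligned.
    print(evaluate_dmarc("example.com", "pass", "bounce.example.com", "pass", "example.com"))
```

The first call is the spoofing case that SPF alone lets through: SPF says "pass" because the attacker really is allowed to send for attacker.example, yet DMARC fails because that is not the domain in the From header. The second call shows why DKIM matters for legitimate mail too: bulk senders and ticketing systems often use a bounce subdomain that fails strict SPF alignment, and the DKIM signature is what keeps their mail passing. A p=none record, like the example.org one, still reports failures but does not change delivery, which is the usual starting point before moving to quarantine or reject.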
Key takeaways
We all use email every day, but not many of us think too hard about the layers of protection that are embedded into that system. And because we don’t think about them, it’s all too easy to have sub-optimal (or totally missing) settings that make us more susceptible to attack from malicious hackers and criminals.
If you’d like a comprehensive assessment of your email security protocols or any other part of your digital infrastructure, CyberUnlocked has the experience and track record with businesses like yours to help with those needs.
CyberUnlocked acknowledges the Traditional Custodians of Country throughout Australia and their ongoing connection to land, waters and community. We pay our respects to Elders, past, present and emerging.