DMARC Information
What is SPF?
Sender Policy Framework (SPF) is used to authenticate the sender of an email. An SPF record is published in a domain’s DNS record. The record is a list of all the IP addresses or domains that are allowed to send email on behalf of the domain. With an SPF record in place, ISPs can verify that a mail server is authorized to send email for a specific domain. If a domain publishes an SPF record, spammers and phishers are less likely to forge emails pretending to be from that domain, because the forged emails are more likely to be caught in spam filters which check the SPF record.
What is DKIM?
DomainKeys Identified Mail (DKIM) is an open standard for authenticating email as it is sent. A DKIM record is added to the DNS record of the sending domain and contains a public key that receiving mail servers use to verify a message’s signature. The key is often provided by the organization that sends the email, for example, Microsoft 365 or Emma. DKIM adds a signature header to each email, and that signature is secured cryptographically. Each DKIM signature contains all the information needed for an email server to verify that the signature is real, and it is generated with a pair of DKIM keys. These signatures travel with the emails and are verified along the way by the email servers that move the emails toward their final destination. When an inbound mail server receives a message, it detects the DKIM signature and looks up the sender’s public DKIM key in DNS. If the key is found, it is used to check the DKIM signature against the values retrieved from the received mail; if they match, the DKIM signature is valid.
What is DMARC Alignment?
Alignment refers to the relationship between the domain in the From header address of a message and the domains associated with the SPF and DKIM authentication checks. Alignment requires that these domains match, and only emails that are aligned can pass DMARC. It’s important to understand that neither SPF nor DKIM, on its own, has anything to do with a message’s From address, which is what people typically see on an email. This is why phishing and spoofing run rampant today; there are very few controls that prohibit bad actors from sending an email as you. The primary control to observe and restrict email domain usage is DMARC. Alignment is at the heart of DMARC: it connects the authentication mechanisms of SPF and DKIM to the enforcement policy for unauthenticated mail dictated in the DMARC record.
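The alignment check described above, as an added Python example (not part of the original page). It goes beyond the text by showing both alignment modes the DMARC specification defines: relaxed (same organizational domain) and strict (exact match). The function names, the small suffix set standing in for the Public Suffix List, and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List; a real check loads the full list.
PUBLIC_SUFFIXES = {"com", "edu", "org", "co.uk"}

def org_domain(domain):
    """Organizational domain: the longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when the suffix is not in the sample set

def aligned(from_domain, auth_domain, strict=False):
    """Strict alignment needs an exact match; relaxed compares organizational domains."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if strict else org_domain(a) == org_domain(b)

def dmarc_result(raw_message, strict=False):
    """Evaluate alignment from the From header and an Authentication-Results header.
    Assumption: that header was added by the receiving server itself, not the sender."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    results = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", results)
    dkim = re.findall(r"\bdkim=pass\b[^;]*?header\.d=([^\s;]+)", results)
    spf_ok = bool(spf) and aligned(from_domain, spf.group(1), strict)
    dkim_ok = any(aligned(from_domain, d, strict) for d in dkim)
    return {"from": from_domain, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}

# Constructed sample messages (all domains are placeholders).
LEGIT = (
    'From: "Campus News" <news@example.edu>\n'
    "Authentication-Results: mx.receiver.example;\n"
    " spf=pass smtp.mailfrom=bounce@esp-mail.example;\n"
    " dkim=pass header.d=mail.example.edu\n"
    "\nbody\n"
)
SPOOFED = (
    'From: "Help Desk" <helpdesk@example.edu>\n'
    "Authentication-Results: mx.receiver.example;\n"
    " spf=pass smtp.mailfrom=bounce@unrelated.example;\n"
    " dkim=pass header.d=unrelated.example\n"
    "\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, dmarc_result(raw), dmarc_result(raw, strict=True)["dmarc_pass"])
```

In the second sample both SPF and DKIM report a pass, yet the message fails DMARC because neither authenticated domain aligns with the From domain the recipient sees.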
What are the benefits of DMARC?
Security: DMARC helps the email community establish a consistent policy for dealing with messages that fail to authenticate. This helps the email ecosystem as a whole become more secure and trustworthy.
Visibility: DMARC reports increase visibility into your email services by letting you know who is sending email from your domains.
Deliverability: Implementing a good DMARC record has an indirect, positive effect on deliverability. Having valid SPF and DKIM authentication in place, with the identifiers aligned (the underpinning of DMARC), helps your emails reach inboxes. It is quite common for senders that lack SPF, DKIM or both to have their emails go undelivered or be throttled.
Reputation: Publishing a DMARC record protects the UWM brand by preventing unauthenticated parties from sending mail from UWM domains. In some cases, simply publishing a DMARC record can result in a positive reputation bump.
