SPF, DKIM & DMARC demystified
What do Diana Ross and emails have in common? Well, Diana famously once sang “Do you know where you’re going to?” This same question is asked daily by email servers attempting to deliver billions of emails.
If you don’t know the technical infrastructure behind your email (your email ISP, domain management and so on), then you are unaware of a whole raft of factors, beyond the scope of email design, that significantly affect whether a message is delivered at all. Much of this relates to network administration and the cryptographic way in which emails are authenticated and validated between servers, mechanisms designed to help prevent spam, phishing and spoofing attacks.
For any email campaign, deliverability is a major consideration and understanding a few things about your current set-up will give both an indication of potential risk as well as help to steer greater success from launch. These technical considerations include:
Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.
SPF allows the receiver to check that an email claiming to come from a specific domain comes from an IP address authorised by that domain's administrators. The list of authorised sending hosts and IP addresses for a domain is published in the DNS records for that domain.
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.
DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender's public key published in the DNS. A valid signature also guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message's authors and recipients.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorised use, commonly known as email spoofing. The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing emails, email scams and other cyber threat activities.
Once the DMARC DNS entry is published, any receiving email server can authenticate the incoming email based on the instructions published by the domain owner within the DNS entry. If the email passes the authentication, it will be delivered and can be trusted. If the email fails the check, then depending on the instructions held within the DMARC record, the email could be delivered, quarantined or rejected.
DMARC extends two existing mechanisms, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). It allows the administrative owner of a domain to publish a policy in their DNS records that specifies which mechanism (DKIM, SPF or both) is employed when sending email from that domain, how to check the From: field presented to end users, and how the receiver should deal with failures. It also provides a reporting mechanism for actions performed under those policies.
Learn tricks and tactics to manage Deliverability here:
- Improve your email deliverability with these tried and tested tactics
- Take control of your deliverability with e-shot forensics
There are many technical elements to making sure your email marketing gets delivered, but the most important aspects of good deliverability relate to your data and your content. Learn about the five things you should be doing to keep your emails out of junk in our dedicated webinar.
Email marketing healthcheck
We are confident that we can help you, which is why we offer a free healthcheck to identify potential issues with your current programme and free advice on things that could be done to improve it.