DMARC and SPF

Everyone knows those messages that seem to come from your bank, but do not. These are called phishing emails: criminals use them to try to steal identity or payment information. There are various techniques with which you can show the recipient that your mailings are not phishing mails.

SPF and DMARC are techniques that validate the sending address and the sending server (the platform from which the mail is sent). They reduce the spam score of your mailings, because e-mail servers increasingly expect your mails to be properly secured, so they benefit your delivery. SPF is the most common technique; DMARC is the most extensive technique, of which SPF is a part. DMARC is the best guarantee against phishing. Banks generally use DMARC.

SPF

SPF stands for Sender Policy Framework. This technique ensures that a mailing sent on your behalf by a sender (e.g. Spotler) is authorized by the owner or manager of the reply address (your organization). You can set up SPF as the only authentication technique, but it is also part of the authentication technique DMARC.

Interesting articles:
How do I set an SPF record?

DMARC

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. DMARC is the best guarantee against phishing because it is a policy that requires authentication. It is an extra guarantee with which you indicate that your mailings are protected with SPF and DKIM.

With SPF (Sender Policy Framework) you indicate that Spotler is authorized to send emails on behalf of your organization. A receiving mail server will check the SPF record in the DNS of your organization's domain. DKIM, short for DomainKeys Identified Mail, signs your mailing with a digital signature and a key. A receiving mail server will always check this key in the DNS of your company's domain.

If mailings are sent without SPF and DKIM, DMARC will report this back to you. This gives you insight into possible abuse of your domain name.

Depending on how DMARC is set up, the sent mail will be:

  • declined
  • quarantined
  • delivered
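
The following Python example is added here for illustration and is not part of the original article or Spotler's own code. It reads a DMARC record and returns which of the three outcomes above a receiving server is asked to apply; the records, domains and function names are constructed, and the domain-alignment check is a simplified assumption.

```python
# Constructed DMARC TXT records, as they would be published at _dmarc.<your domain>.
SAMPLE_RECORDS = {
    "monitor": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "quarantine": "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com",
    "reject": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
}

# Requested handling for mail that fails DMARC, in the wording of the list above.
OUTCOME = {"none": "delivered", "quarantine": "quarantined", "reject": "declined"}


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict and validate it."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: missing v=DMARC1")
    if tags.get("p", "").lower() not in OUTCOME:
        raise ValueError("missing or unknown p= policy")
    return tags


def same_domain(a, b):
    """Simplified alignment check: equal, or one is a subdomain of the other.
    Real receivers compare organizational domains using the Public Suffix List."""
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def dmarc_outcome(txt, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return what the receiver is asked to do with this message."""
    tags = parse_dmarc(txt)
    spf_ok = spf_pass and same_domain(spf_domain, from_domain)
    dkim_ok = dkim_pass and same_domain(dkim_domain, from_domain)
    if spf_ok or dkim_ok:  # one aligned pass is enough; the policy is not applied
        return "delivered"
    return OUTCOME[tags["p"].lower()]
```

The rua tag in each record is the address to which receiving servers send the DMARC reports mentioned above.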

Interesting articles:
How do I set up DMARC?