Understanding DMARC, SPF, and DKIM: Email Security Explained

Email security is critical in preventing phishing, spam, and domain spoofing. Three key protocols—SPF, DKIM, and DMARC—work together to authenticate emails and protect domains from abuse.

  1. SPF (Sender Policy Framework) – Authorized Email Senders
    SPF acts as a whitelist of servers allowed to send emails on behalf of your domain.

How SPF Works:

  • A DNS TXT record lists authorized IPs.
  • Receiving servers check if the sender’s IP matches the SPF record.

SPF Record Example:

v=spf1 ip4:192.0.2.0/24 include:_spf.google.com ~all

– `v=spf1` – SPF version.
– `ip4` – Authorized IPv4 range.
– `include` – Allows another domain’s SPF (e.g., Google Workspace).
– `~all` – Soft fail (mark as suspicious if not listed).

🔹 Check SPF Record:

dig TXT example.com

  2. DKIM (DomainKeys Identified Mail) – Email Integrity Check
    DKIM adds a digital signature to verify that an email wasn’t altered in transit.

How DKIM Works:

  1. The sender signs the email with a private key.
  2. The recipient validates it using the public key published in DNS.

DKIM Record Example:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...

🔹 Verify DKIM:

dig TXT selector._domainkey.example.com

  3. DMARC (Domain-based Message Authentication, Reporting & Conformance) – Policy Enforcement
    DMARC tells receiving servers what to do if SPF or DKIM checks fail.

DMARC Policy Example:

v=DMARC1; p=quarantine; rua=mailto:[email protected]; ruf=mailto:[email protected]

– `p=none` – Monitor only.
– `p=quarantine` – Mark as spam.
– `p=reject` – Block the email.
– `rua` – Aggregate reports.
– `ruf` – Forensic reports.

🔹 Check DMARC Record:

dig TXT _dmarc.example.com

You Should Know:

1. Testing SPF, DKIM, and DMARC

Install SPF/DKIM tools on Linux:
sudo apt install opendkim opendkim-tools postfix

Test SPF: 
nslookup -type=TXT example.com

Test DKIM: 
opendkim-testkey -d example.com -s selector -vvv

Test DMARC: 
nslookup -type=TXT _dmarc.example.com 

2. Enforcing DMARC in Postfix

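Edit Postfix config:
sudo nano /etc/postfix/main.cf

Add DMARC policy check:
# The address must match the Socket setting of the milter that is running.
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891
# accept = fail open: mail is still accepted if the milter is unreachable.
milter_default_action = accept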

3. Automating Reports with Python

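# Note: dmarcreportparser is not part of the Python standard library;
# a module providing this parse() API must be installed first.
import dmarcreportparser

report = dmarcreportparser.parse("dmarc_report.xml")
print(f"Domain: {report.domain}, Pass Rate: {report.pass_rate}%")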

What Undercode Say:

Implementing SPF, DKIM, and DMARC significantly reduces email fraud. Use `dig` for DNS checks, OpenDKIM for signing, and Postfix for enforcement. Monitor DMARC reports to detect phishing attempts early.

🔹 Key Commands Recap:

Check DNS records:
dig TXT example.com 
dig TXT selector._domainkey.example.com 
dig TXT _dmarc.example.com

Test email security: 
telnet mail.example.com 25 
openssl s_client -connect smtp.example.com:465

🔹 Prediction:

As AI-driven phishing increases, DMARC adoption will rise by 40% in 2025, making email authentication mandatory for enterprises.

Expected Output:

A secure email setup with SPF, DKIM, and DMARC reduces phishing risks. Use the provided commands and configurations to enforce email security. 🚀

References:

Reported By: Oerraji Je – Hackers Feeds