Email DNS Records…  

Written By: Jason Francis
Published On:

What is DMARC, What is DKIM and What is SPF?  

What is DMARC, What is DKIM & What is SPF? DMARC, DKIM and SPF are public records that help the world to know that emails being sent from your organisation are real.  When properly implemented and widely adopted, they will vastly reduce the amount of unsolicited or spam email that gets delivered to email-boxes. 

What is DMARC? 

Let’s start with what DMARC stands for.  It stands for Domain-based Message Authentication, Reporting and Conformance.  DMARC allows the owner of an internet domain to tell the world what should happen if an email claims to be sent from their organisation, but it isn’t.  It’s a set of instructions to the rest of the world, to say whether fake emails should be Quarantined, Rejected entirely, or delivered directly to the email box it was intended to go to.  In essence, DMARC acts as a gatekeeper or goalkeeper, trying to keep phishing and malware emails from landing in the inbox. 

DMARC uses DNS to publish the information as described above.  Because of this, nearly all email systems are able to understand how email from your domain should be processed.  This applies whether it’s an email system provided by the likes of Microsoft or Google, but also smaller providers too. 

By itself, DMARC isn’t really any use to anyone.  It is one part of a wider set of policies that make the system operate correctly.  DMARC works with DKIM and SPF to properly authenticate a message and determine what to do with it.  The DMARC record essentially is a set of instructions about the next steps to the receiving email system.  More about DKIM below. 

What is DKIM? 

Let’s start with what DKIM stands for.  It stands for DomainKey’s Identified Mail.  It is a kind of ‘handshake’ or ‘encryption’ technique that allows the person / business SENDING an email to offer the RECIPIENT their word, that the email is valid and can be vouched for.  The way it works is that a DKIM signature is added to the outbound message by the sender.  When the recipient’s email system receives the message, the system can compare the signature to the publicly available DKIM information (key) that decodes it.  If the message is successfully decoded, then the recipient should be able to be sure that the message came from the proper sender and deliver it to the user’s inbox.  If the message can’t be decoded, other decisions can be made such as quarantining the email or deleting it entirely (or something not so black and white, like checking it with other methods). 

DKIM is in essence a way for you to ‘protect’ your brand. By making sure that you are sending email in a way that the recipient is able to be sure it’s you, they can also be sure that it’s not you if a bad actor tries to ‘spoof’ or ‘pretend’ that they are you. 

What is SPF? 

Let’s start with what SPF stands for.  It stands for Sender Policy Framework.  It’s a way for a business to tell the world which places and systems have the authorisation to send email on behalf of their email domain.  The way it works is that the organisation creates a public DNS record that tells a recipient which systems and places are allowed to send.  When an email is received by a recipients email system, the system can automatically check the public record to see whether the email has authority to send as the domain it says it’s from.  If it does, then the message can be delivered straight to the inbox.  If it doesn’t, then the message can either be rejected or deleted by the recipient’s spam filter (or further checks can be made). 

In a typical business environment, many different Places (IP Addresses) will need to send emails (such as multiple business locations, employee’s own premises and so on).  Multiple systems will also need to send (such as Office 365, SalesForce, Finance Software amongst other things).  An SPF record therefore, usually contains multiple ‘allowed’ resource sections. 

Do I need them all? 

The answer is basically yes.  If you want the world to be able to properly accept email that is sent from your organisation (and perhaps more importantly reject email that hasn’t been sent by you), then you need your technical team to implement all 3 of these technologies as part of a whole strategy. 

What’s changing in relation to these technologies? 

Some of the biggest email platforms in the world are about to enforce policies that mean they won’t accept emails onto their platforms unless you have these technologies in place, if you want to send a large amount of email to them.  Currently Google and Yahoo are enforcing these policies from February 2024 but we are expecting more providers to jump on the bandwagon. 

At the moment, they are saying that they will enforce it for businesses wishing to send more than 5,000 messages via the platform. We definitely expect this number to reduce over the coming months and years as more organisations implement the right technologies. 

This change will push more and more companies to adopt DMARC, DKIM and SPF until the adoption of the technologies allow better security measures to become possible.  

How can ESP help? 

ESP have many staff that are well-versed in applying this type of configuration to our customers’ email domains.  If you are already an IT Support customer and we have control of your domain, we are well-placed to help you to implement the technologies. However, we will need to correspond with third party vendors on your behalf so ensure you talk to us as soon as you can as it can take some time.  If you are not an IT Support Customer or you don’t have your domain with us, we are still able to help, but our preference would always be to migrate your domain into our control so that we are able to better support the changes that are required.     

For those of you that are more technical or want to understand this more, there’s a great video below. This shows what ESP will have to do to configure these records – not a simple task!

Summary 

ESP is trying to be more than just your average outsourced IT Support provider (or MSP).  We are committed to ensuring that we offer best-in-class IT Support to all of our customers. To do this, we need to demonstrate that we have an excellent understanding of the technologies in use by businesses.  This article is part of a series of posts that help you to understand that we are providing better services than most other IT Providers.  This type of technology is very important, if you are to operate successful email systems and marketing campaigns.  Pick up the phone to talk to us about how it might affect you.   

You can find out more about ESP by visiting other areas of our site.  If you wanted to discuss the article in more detail, don’t hesitate to drop us a message via our Contact page.