spf: sender policy framework

  • checks the dns record of the envelope from domain to ensure the sending mail server is allowed to send for that domain

dkim: domainkeys identified mail

  • signs some parts of the message (not the envelope); the verifier pulls the public key from the dns of the domain named in the signature header (d=, via the selector)

dmarc: domain-based message authentication, reporting and conformance

  • “alignment” is where header from is “aligned” to the values of EITHER the envelope from (spf) or dkim d=
    • dkim can sign anything using selectors from any domain, dmarc is what links the chosen d= value to the header from, and policies determine if it has to be exact or subdomains can be used
    • without dmarc, mail services are left to their own devices to decide whether they trust a dkim signature d= or not
    • mail forwarding and mailing lists can result in broken SPF if ARC is not used; without dmarc this could result in the SPF policy applying over dkim if present
  • dmarc passes if either spf or dkim passes its own check and is aligned
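
The alignment rule above as an added example (not part of the original notes): it evaluates dmarc over constructed spf/dkim results, including the forwarding case where spf breaks but an aligned dkim signature still carries the pass. The function names, the aspf/adkim mode letters as parameters, and the two-label organizational-domain shortcut are assumptions of this sketch; real evaluators use the Public Suffix List.

```python
# Added example: DMARC alignment evaluation over constructed inputs.

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real evaluators
    # consult the Public Suffix List (needed for co.uk-style suffixes).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, header_from, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    a = auth_domain.lower().rstrip(".")
    h = header_from.lower().rstrip(".")
    return a == h if mode == "s" else org_domain(a) == org_domain(h)

def dmarc_result(header_from, spf, dkim_sigs, aspf="r", adkim="r"):
    """spf: (result, envelope-from domain); dkim_sigs: list of (result, d= domain)."""
    # A mechanism only counts if it passes its own check AND is aligned.
    spf_ok = spf[0] == "pass" and aligned(spf[1], header_from, aspf)
    dkim_ok = any(r == "pass" and aligned(d, header_from, adkim)
                  for r, d in dkim_sigs)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

# Constructed scenarios; example.com / example.net are placeholder domains.
SCENARIOS = {
    # Direct delivery: spf passes for a subdomain bounce address (relaxed).
    "direct": dict(header_from="example.com",
                   spf=("pass", "bounce.example.com"), dkim_sigs=[]),
    # Forwarded: spf fails at the forwarder's IP, original signature survives.
    "forwarded": dict(header_from="example.com",
                      spf=("fail", "example.com"),
                      dkim_sigs=[("pass", "example.com")]),
    # spf and dkim both verify, but for a domain unrelated to header from.
    "unaligned": dict(header_from="example.com",
                      spf=("pass", "mail.example.net"),
                      dkim_sigs=[("pass", "example.net")]),
    # Strict dkim alignment: a subdomain d= no longer counts.
    "strict_subdomain": dict(header_from="example.com",
                             spf=("fail", "example.com"),
                             dkim_sigs=[("pass", "mail.example.com")],
                             adkim="s"),
}

if __name__ == "__main__":
    for name, kwargs in SCENARIOS.items():
        print(f"{name:17} {dmarc_result(**kwargs)}")
```
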