Email
Protection Best Practices: SPF, DKIM and DMARC
As Zimbra Collaboration is a central communication hub for
your business, it needs to be protected and secured. Zimbra Collaboration
contains multiple antispam features like SpamAssassin, Amavis-d, etc.
But, how do you protect against spoofing? How do we
ensure outgoing emails are not going into the junk folder of
recipients using other platforms like Google Apps, Outlook 365, etc.
?
Around an Email Server have always external security methods
to protect the outgoing emails, like SPF, DKIM, DMARC, rDNS:
SPF & SenderID
Sender Policy Framework(SPF) is an email validation system, designed
to prevent unwanted emails using a spoofing system. To check this common
security problem, SPF going to verify the source IP of the email and compare it
with a DNS txt record with a SPF content.
Since it was derived from SPF, Sender ID can
also validate the MAIL FROM. But it defines the new PRA identity to validate,
and defines new sender policy record tags that specify whether a policy covers MAIL
FROM (called MFROM by Sender ID), PRA, or both. For more
information about SenderID, please visit OpenSPF.org.
DKIM
DomainKeys IdentifiedMail (DKIM), is a method to associate the
domain name and the email, allowing to a person or company assume the
responsibility of the email.
DMARC
Domain-based MessageAuthentication, Reporting & Conformance (DMARC) is a technical specification created by a group of
organizations that want to help reduce the potential for email-based abusing by
solving a couple of long-standing operational, deployment, and reporting issues
related to email authentication protocols.
DMARC standardizes how email receivers perform email
authentication using the well-known SPF and DKIM mechanisms. This means that
senders will experience consistent authentication results for their messages at
AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We
hope this will encourage senders to more broadly authenticate their outbound
email which can make email a more reliable way to communicate.
rDNS
The reverse DNS (rDNS) resolution is a determination of the domain name that is
associated to an IP. Some email companies like AOL, for example, will reject
any email that doesn’t have a valid rDNS.
0 comments:
Post a Comment