SPF DKIM DMARC:Email Protection-Best Practice

Email Protection Best Practices: SPF, DKIM and DMARC

        

As Zimbra Collaboration is a central communication hub for your business, it needs to be protected and secured. Zimbra Collaboration contains multiple antispam features like SpamAssassin, Amavis-d, etc.

But, how do you protect against spoofing? How do we ensure outgoing emails are not going into the junk folder of recipients using other platforms like Google Apps, Outlook 365, etc. ?

Around an Email Server have always external security methods to protect the outgoing emails, like SPF, DKIM, DMARC, rDNS:

SPF & SenderID

Sender Policy Framework(SPF) is an email validation system, designed to prevent unwanted emails using a spoofing system. To check this common security problem, SPF going to verify the source IP of the email and compare it with a DNS txt record with a SPF content.

Since it was derived from SPF, Sender ID can also validate the MAIL FROM. But it defines the new PRA identity to validate, and defines new sender policy record tags that specify whether a policy covers MAIL FROM (called MFROM by Sender ID), PRA, or both. For more information about SenderID, please visit OpenSPF.org.

DKIM

DomainKeys IdentifiedMail (DKIM), is a method to associate the domain name and the email, allowing to a person or company assume the responsibility of the email.

DMARC

Domain-based MessageAuthentication, Reporting & Conformance (DMARC) is a technical specification created by a group of organizations that want to help reduce the potential for email-based abusing by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.

DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.

rDNS

The reverse DNS (rDNS) resolution is a determination of the domain name that is associated to an IP. Some email companies like AOL, for example, will reject any email that doesn’t have a valid rDNS.