When it comes to email security, SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are two important terms. But what do they mean, and how do they work together? Let’s break it down.
What is SPF?
SPF is a way of checking that an email was sent from a host that the sending domain has authorized. The receiving mail server looks up the SPF record that the domain of the envelope sender (the ‘MailFrom’ address) publishes in DNS, and checks whether the IP address of the connecting server is on that list of permitted senders.
How Does DMARC Use SPF?
DMARC uses the SPF result by checking whether the domain that SPF authenticated (the ‘MailFrom’ domain) matches, or ‘aligns’ with, the domain in the message’s ‘From’ header. This alignment can be tested in two ways: ‘strict’ mode or ‘relaxed’ mode.
In relaxed mode, DMARC checks that the SPF-authenticated domain and the ‘From’ domain have the same Organizational Domain. An organizational domain is the domain that was registered with a domain name registrar.
In strict mode, DMARC checks for an exact match between the SPF-authenticated domain and the ‘From’ domain.
Examples
Let’s say you receive an email whose ‘From’ header address is in the domain ‘example.com’, and the email passes an SPF check with a ‘MailFrom’ domain of ‘cbg.bounces.example.com’.
In relaxed mode, DMARC would consider the SPF-authenticated domain and the ‘From’ domain to be ‘in alignment’, because the organizational domains (‘example.com’) are the same.
In strict mode, this test would fail, because the SPF-authenticated domain (‘cbg.bounces.example.com’) doesn’t exactly match the ‘From’ domain (‘example.com’).
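The alignment check described above, as an added example that is not code from the original article: the mode is read from the DMARC record’s aspf tag (relaxed is the RFC 7489 default), and the organizational domain is derived with a constructed stub in place of the real Public Suffix List. Note the defensive consequence of relaxed mode: any host authorized under any subdomain of the organizational domain will align.

```python
# Added example (not code from the original article): the SPF alignment
# check DMARC applies, with the mode read from the record's aspf tag.
# PUBLIC_SUFFIXES is a constructed stub standing in for the real Public
# Suffix List, which a production implementation must consult instead.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk"}


def organizational_domain(domain: str) -> str:
    """Return the registrable (organizational) domain.

    Scans suffixes from longest to shortest, takes the first public suffix
    found and keeps one extra label: 'cbg.bounces.example.com' -> 'example.com'.
    """
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # A bare public suffix has no registrable label above it.
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)


def spf_alignment_mode(dmarc_record: str) -> str:
    """Read the aspf tag of a DMARC TXT record; the default is relaxed."""
    tags = {}
    for part in dmarc_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return "strict" if tags.get("aspf", "r") == "s" else "relaxed"


def spf_aligned(spf_domain: str, from_domain: str, mode: str = "relaxed") -> bool:
    """True when the SPF-authenticated (MailFrom) domain aligns with the From domain."""
    spf_domain = spf_domain.lower().rstrip(".")
    from_domain = from_domain.lower().rstrip(".")
    if mode == "strict":
        return spf_domain == from_domain
    return organizational_domain(spf_domain) == organizational_domain(from_domain)


if __name__ == "__main__":
    # The article's case: MailFrom cbg.bounces.example.com, From header in example.com.
    mail_from = "cbg.bounces.example.com"
    from_dom = "example.com"
    for record in ("v=DMARC1; p=reject; aspf=r", "v=DMARC1; p=reject; aspf=s"):
        mode = spf_alignment_mode(record)
        print(f"{record!r}: {mode} alignment -> {spf_aligned(mail_from, from_dom, mode)}")
```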
Future Extensions
If DMARC is extended in the future to include other authentication mechanisms, those extensions will need to allow the domain identifier they authenticate to be checked for alignment against the ‘From’ domain. This is what ensures that the email really was sent on behalf of the domain it claims to be from.