Category: E-Mail

No comments

SPF, DKIM & DMARC – A triple band aid

  By ,

Following on from my previous article and because I’ve got to write this anyway I thought I’d take a look at the roles of SPF, DKIM and DMARC for people who don’t really need to know the technicalities. There are many articles out there that cover the technical workings of SPF, DKIM and DMARC and some looking at them all together. Hopefully I’m not going to cover the same ground as those too much. Hopefully though this will provide a reasonable over view of what these records are trying to achieve and how they work together. Firstly the problem all of these things are trying to solve is that e-mail is insecure and easily abused. This is in part because it was designed in an earlier more trusting time and in part because it is designed to allow anyone to reach out and contact anyone else. Much like telephones if… Continue reading

No comments

A possible issue with SPF

  By , ,

This problem may already have been addressed, and I’ve no doubt that other people have also given it thought – but I’ve not been able to find any information pertaining to it, so if it has the answer hasn’t been widely disseminated. However I think there is an issue with how SPF relates to non-mail servers and non-existent sub-domains. First a bit of background though – the purpose of SPF is to prevent sender address forgery and correctly configured it does achieve this for domains and subdomains both for those you intend to send e-mail from and those you don’t. To prevent abuse of domains, and presumably sub-domains that you don’t send e-mail from the SPF FAQ advises that you: “Publish null SPF records for your domains that don’t send mail” http://www.openspf.org/FAQ/Common_mistakes#all-domains They acknowledge that there is a problem with people spoofing non-email sending domains, however the FAQ doesn’t mention… Continue reading

Tagged