The Anatomy of DMARC: DKIM & SPF – An Email Authentication Guide

Ralph Lentz
Feb. 15, 2013 by Ralph Lentz

Just over a year ago a group of the Internet’s biggest companies announced the Domain-based Message Authentication, Reporting and Conformance (DMARC) working group, an industry-based approach to combatting spam, phishing and other forms of messaging abuse. And on the one-year anniversary last week, DMARC.org announced a rather remarkable accomplishment: the DMARC standard now protects almost two-thirds of the world’s 3.3 billion consumer mailboxes worldwide. The DMARC announcement also noted that the new standard was responsible for blocking 325 million unauthenticated messages in November and December 2012 alone.

Here at Message Systems, we’ve always made it a point to place email security and marketing best practices at the center of all that we do. It’s why we were one of the first email technology providers to throw our support behind DMARC, and why we continue working to help Message Systems customers get up to speed with authentication best practices in general and DMARC specifically. There are lots of great information resources for getting up to speed on implementing DMARC. Here’s a few from the Message Systems community:

DKIM

Our partner, ReturnPath has created a 101 Guide on creating a DKIM record, Protecting Your Brand From Phishing: How to Create a DKIM Record. Here is a summary of the steps to be taken:

  1. Inventory all of your sending domains.
  2. Install and configure DKIM on your email server.
  3. Create a public and private key pair. 
  4. Publish your public key.
  5. Store your private key.
  6. Configure your email server
  7. Test

SPF

As part of that same series, ReturnPath also has a guide to SPF email authentication, Protecting Your Brand From Phishing: How to create your SPF record. Here are the 4 steps you have to take:

  1. Determine the domains that your email campaigns are sent from
  2. Gather the IP addresses that are used to send the emails
  3. Create your SPF record
  4. Publish your SPF to DNS

These steps are covered in a lot more detail in the entries above, so we’d recommend hopping over to check those entries out.

DMARC

Additionally, Franck Martin, Postmaster at LinkedIn and a long-time friend of Message Systems, has developed a set of scripts for implementing DMARC on the Momentum platform. He’s made these scripts available online at GitHub. They provide an elegant solution for filtering incoming emails and rejecting those that fail DMARC. Franck has also developed other tools and scripts for managing and monitoring a Message Systems Momentum cluster.

Thanks Franck for these great resources!

If you’d like to find out more about DMARC, download the How DMARC Is Saving Email eBook!

How DMARC Is Saving Email

Share your Thoughts

Your email address will not be published.

Related Content

Operating DNS on the AWS Network: Challenges and Lessons

Learn how our team worked with AWS to address a challenging DNS performance issue—and tips for troubleshooting with the AWS support team.

read more

Premium Service Offerings: What Our TAMs Can Do For You

Sending email isn't always smooth sailing. Our TAMs provide tailored premium support to customers navigating the tricky world of email deliverability.

read more

DKIM Validation: An Email Authentication Best Practice

An overview of DKIM validation including how to sign and validate work, interpreting DKIM signatures, what DKIM public keys look like and more.

read more

Start sending email in minutes!

The world’s most powerful email delivery solution is now yours in a developer-friendly, quick to set up cloud service. Open a SparkPost account today and send up to 100,000 emails per month for free.

Send 100K Emails/Month For Free

Send this to a friend