Email Security

David Oneill
4 min read · Sep 18, 2022

History of Email

The first email was sent in 1971 by Ray Tomlinson, a 1965 Massachusetts Institute of Technology (MIT) graduate. Tomlinson’s goal was to send messages to people on other computers. Computer scientists could already send messages to other people, but only on the same computer or to their mailboxes, which had to be printed out. Tomlinson found a way to send a message to another computer without needing to print it out — hence, the email. The software developed to send the email was called SNDMSG. Tomlinson played a significant role in developing the first email standard, becoming the co-author of RFC-561 in 1973.

Sender Policy Framework

Sender Policy Framework (SPF) is a free email authentication technology that has been around since 2003. In summary, SPF contains a list of IP addresses permitted to send email on behalf of a domain. DNS records are created when a new domain is registered through a registrar or hosting provider. Creating a new domain also creates a zone file that holds its DNS records. The DNS records contain important information about a domain, such as an assigned IP address, a hostname that points to another domain, an associated mail server, and more. One of the DNS records is a TXT record, which contains DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and SPF.

SPF is therefore set on the sending domain to list the IP addresses allowed to send for that domain. For a message from ‘example.com’, the recipient email server checks the sender domain’s SPF record, which includes the allowed IP addresses. Third-party senders (e.g., marketers, sales) that are allowed to send for ‘example.com’ must therefore be included in the SPF record so that email acceptance by email servers is not disrupted.

DKIM

DKIM is used in email security to ensure the integrity of the message and to increase domain reputation, and it is used by DMARC to enforce email policy. The DKIM signature is written in the TXT record in the domain’s DNS records and is used in email security with an asymmetric key encryption method to prevent messages from being changed in transit. The asymmetric key encryption uses a public key found in the DKIM signature with the help of the DKIM selector. The DKIM selector lets the inbound email server know to perform a DNS query to find the public key. The public key is then used to decrypt the DKIM signature and verify the DKIM hash value to determine whether the email is valid and has not been modified.
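Two of the receiver-side steps can be reproduced with the standard library alone: building the DNS query name from the selector (`s=`) and signing domain (`d=`) carried in a message's DKIM-Signature header, and recomputing the body hash (`bh=`) to detect modification. This is an added example, not code from the original article; the message, selector name and `b=` value are constructed, and the RSA check of `b=` against the published key is outside its scope because it needs a third-party crypto library.

```python
import base64
import hashlib

def parse_tags(header_value):
    """Split a DKIM 'tag=value; tag=value' list into a dict (whitespace removed)."""
    tags = {}
    for part in header_value.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(value.split())
    return tags

def key_query_name(tags):
    """DNS name the receiving server queries (TXT) for the signer's public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def body_hash(body):
    """bh= value: SHA-256 over the body after 'simple' canonicalization."""
    while body.endswith(b"\r\n\r\n"):   # drop trailing empty lines
        body = body[:-2]
    if not body.endswith(b"\r\n"):      # canonical body ends with one CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def body_unmodified(signature_header, received_body):
    """True when the received body still matches the signed bh= value."""
    return parse_tags(signature_header)["bh"] == body_hash(received_body)

# Constructed sample message; b= is a placeholder, not a real signature.
BODY = b"Invoice 1042 is attached.\r\nPayment is due Friday.\r\n"
SIGNATURE = (
    "v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=selector1; "
    f"h=from:to:subject; bh={body_hash(BODY)}; b=PLACEHOLDER"
)

if __name__ == "__main__":
    print("TXT lookup:", key_query_name(parse_tags(SIGNATURE)))
    print("original body ok:", body_unmodified(SIGNATURE, BODY))
    changed = BODY.replace(b"Friday", b"today")
    print("changed body ok:", body_unmodified(SIGNATURE, changed))
```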

DMARC

DMARC was first published in 2012. DMARC is an open and free technical specification that authenticates email by aligning SPF and DKIM. By having DMARC in place, domain owners can help prevent business email compromise, spoofing, and phishing. DMARC can tell other email servers how to handle unauthorized use of an email address through a governing policy in the DMARC record. The three DMARC policies are:

P=none: Monitors email traffic. No further action is taken.

P=quarantine: Sends unauthorized emails to the junk folder.

P=reject: Does not allow the unauthorized email to get delivered at all.

DMARC is based on SPF and DKIM. However, SPF or DKIM can fail, but an email can still pass due to misalignment. DKIM and SPF must be aligned with DMARC; this is known as DMARC alignment. A perfect DMARC alignment is when DKIM, SPF, and DMARC align, and all three agree and prevent an unauthorized email from being received. DMARC depends on the alignment between the domains allowed in SPF, the DKIM signature, and the DMARC policy to dictate what to do with an unauthenticated email. So, if a sending email server has SPF allowing ‘example.com’ and the DKIM signature includes ‘example.com’, then DMARC can authenticate the email. Misalignment occurs when the email header (the sending domain visible to end users) does not line up with the message’s SPF and DKIM domains, which results in delivery being denied or the email being sent to the junk folder if DMARC is set properly. This can help prevent spoofing; however, it can send legitimate emails to the junk folder if the email server policies are not set properly.
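The alignment decision can be written out as a small evaluator that takes the visible From domain, the SPF and DKIM results with the domains they authenticated, and the published policy. This is an added example, not code from the original article: all domains and records are constructed, and `org_domain` assumes the organizational domain is the last two labels, where a real evaluator would use the Public Suffix List.

```python
def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; ...' into a dict with lowercase tags and values."""
    pairs = (part.partition("=") for part in record.split(";"))
    return {k.strip().lower(): v.strip().lower() for k, _, v in pairs if k.strip()}

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Production evaluators use the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares org domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

ACTIONS = {"none": "deliver", "quarantine": "junk", "reject": "reject"}

def evaluate_dmarc(record, from_domain, spf, dkim):
    """spf = (result, MAIL FROM domain); dkim = (result, d= domain)."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:            # one aligned pass is enough
        return "pass", "deliver"
    return "fail", ACTIONS.get(tags.get("p", "none"), "deliver")

if __name__ == "__main__":
    reject = "v=DMARC1; p=reject"
    # Own mail server: both mechanisms pass and align with the From domain.
    print(evaluate_dmarc(reject, "example.com",
                         ("pass", "bounce.example.com"), ("pass", "example.com")))
    # SPF and DKIM pass, but for a different domain than the visible From.
    print(evaluate_dmarc(reject, "example.com",
                         ("pass", "mail.unrelated.example"), ("pass", "unrelated.example")))
    # Third-party sender: SPF is unaligned, aligned DKIM carries the message.
    print(evaluate_dmarc(reject, "example.com",
                         ("pass", "mailer.example.net"), ("pass", "example.com")))
```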

References

Bhushan, A. K., Pogran, K. T., Tomlinson, R. S., & White, J. E. (1973). Standardizing Network Mail Headers. RFC Editor. https://doi.org/10.17487/RFC0561

DNS Records Explained — Domain Name System Management | Domain.com. (n.d.). Domain.com. Retrieved September 18, 2022, from https://www.domain.com/help/article/dns-management-dns-records-explained

SPF DKIM and DMARC Explained With ISP Support. (n.d.). Netcorecloud.com. Retrieved July 20, 2022, from https://netcorecloud.com/tutorials/spf-dkim-dmarc/

Swatman, R. (2015, August 19). 1971: First Ever Email. Guinness World Records. https://www.guinnessworldrecords.com/news/60at60/2015/8/1971-first-ever-email-392973

What is DMARC? (2020, March 4). SendGrid. https://sendgrid.com/blog/what-is-dmarc/

What is SPF for Email and How Does It Work? (2021, April 27). Agari. https://www.agari.com/email-security-blog/what-is-spf/

What is DMARC and Why use DMARC for Email? (n.d.). Dmarcian. https://dmarcian.com/why-dmarc/
