Back to course

Email Security and DMARC/SPF

Cyber Security Mastery: From Zero to Hero

Protecting Against Email Spoofing

Email is the primary vector for phishing and malware delivery. Preventing attackers from sending emails that appear to come from your domain is critical.

Key Email Security Protocols (DNS Records)

  1. SPF (Sender Policy Framework): A DNS record that specifies which IP addresses are authorized to send email on behalf of your domain. If an email comes from an unauthorized IP, the recipient mail server can reject it.

  2. DKIM (DomainKeys Identified Mail): Uses cryptographic signing (public/private key) to verify that an email was not tampered with during transit and genuinely originated from the claimed sender.

  3. DMARC (Domain-based Message Authentication, Reporting, and Conformance): Tells the receiving server what to do if an email fails SPF or DKIM checks (e.g., 'Quarantine it' or 'Reject it'). It also provides feedback reports to the domain owner.

Implementing all three is the standard defense against email spoofing and business email compromise (BEC) attacks.