SPF (Sender Policy Framework) is an email authentication standard that allows the owner of a domain to specify which email servers are allowed to send email on behalf of that domain. This standard uses the domain in the email’s “Return-Path” header (also referred to as the “Envelope From” address).
You can use this external tool to verify an SPF record.
SPF is a technique that, to a certain extent, enables you to make sure that the domain name used in an email is not forged. When a message is received from a domain, the DNS server of the domain is queried. The response is a short record (the SPF record) that details which servers are authorized to send emails from this domain. If we assume that only the owner of the domain has the means to change this record, we can consider that this technique does not allow the sender address to be forged, at least not the part to the right of the “@”.
In the final RFC 4408 specification, two elements of the message are used to determine the domain considered as the sender: the domain specified by the SMTP “HELO” (or “EHLO”) command and the domain specified by the address of the “Return-Path” (or “MAIL FROM”) header, which is also the bounce address. Different considerations make it possible to take into account one of these values only; we recommend making sure that both sources specify the same domain.
Checking the SPF provides an evaluation of the validity of the sender’s domain:
Note that changes to records on the DNS servers can take up to 48 hours to be taken into account. This delay depends on how often the DNS caches of the receiving servers are refreshed.
DKIM (DomainKeys Identified Mail) authentication is a successor to SPF. It uses public-key cryptography to let the receiving email server verify that a message was in fact sent by the person or entity it claims to come from, and whether the message content was altered between the time it was originally sent (and DKIM “signed”) and the time it was received. This standard typically uses the domain in the “From” or “Sender” header.
DKIM combines the authentication principles of Yahoo!'s DomainKeys and Cisco's Identified Internet Mail, and is used to check the authenticity of the sender domain and guarantee the integrity of the message.
DKIM replaced DomainKeys authentication.
Using DKIM requires some prerequisites:
Learn more about DKIM prerequisites when using Campaign Classic in this section.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is the most recent form of email authentication, and it relies on both SPF and DKIM authentication to determine whether an email passes or fails. DMARC is unique and powerful in two important ways:
DMARC can leverage the reports generated by 250ok.