Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication Reporting and Conformance (DMARC) are email authentication methods. They help authenticate users who send emails by checking that the emails came from the domain that they claim to be from. These authentication methods prevent spam, phishing attacks and other email security risks.
AODocs uses SPF, DKIM and DMARC
All email notifications sent by AODocs use the SPF, DKIM and DMARC email authentication methods.
How does SPF work?
SPF records list all the IP addresses of all the mail servers that are allowed to send emails from your domain. Mail servers that receive an email message can check it against the SPF record before passing it on to the recipient's inbox.
How does DKIM work?
DKIM lets domain owners automatically "sign" emails from their domain. The DKIM "signature" is a digital signature that uses cryptography to check that the email came from the domain.
DKIM uses public key cryptography:
1. A DKIM record stores the domain's public key, and mail servers receiving emails from the domain can check this record to obtain the public key.
2. The private key is kept secret by the sender, who signs the email's header with this key.
3. Mail servers receiving the email can check that the sender's private key was used, by applying the public key.
How does DMARC work?
Note: DMARC requires DKIM or SPF to be in place on an email sender domain and a DMARC record to be published in the Domain Name System (DNS).
DMARC tells a receiving mail server what to do after checking SPF and DKIM. A domain's DMARC policy can be set in a variety of ways. For example, if emails fail SPF or DKIM (or both), it can instruct mail servers to:
- quarantine emails – these are typically delivered to recipients’ spam folders
- reject emails
- deliver emails
DMARC policies are stored in DMARC records. A DMARC record can also contain instructions to send reports to domain administrators about which emails passed and failed the checks. DMARC reports give administrators the information they need to decide how to adjust their DMARC policies – for example, what to do if legitimate emails are erroneously getting marked as spam.
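The following is an added example, not AODocs code, of how a receiving mail server could read a DMARC record and choose one of the actions listed above. The record, domains and function names are constructed for illustration. It follows RFC 7489 in treating a message as passing when either SPF or DKIM passes for the From domain, and it ignores optional tags such as pct and sp.

```python
# Constructed sample record, as it would appear in a TXT record at _dmarc.example.com.
SAMPLE_RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com,mailto:ops@example.net!10m"

# DMARC policy value -> action from the list above ("none" means deliver as usual).
ACTIONS = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}


def parse_dmarc(record):
    """Return the record's tags as a dict; raise ValueError if it is not a usable policy."""
    pairs = [p.strip() for p in record.split(";") if p.strip()]
    tags = {}
    for pair in pairs:
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {pair!r}")
        tags.setdefault(name.strip().lower(), value.strip())
    # The version tag must come first and must be exactly DMARC1.
    if not pairs or pairs[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p", "").lower() not in ACTIONS:
        raise ValueError("missing or unknown p= policy")
    tags["p"] = tags["p"].lower()
    return tags


def report_addresses(tags):
    """Addresses from rua= that receive aggregate reports (size limits like !10m dropped)."""
    uris = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return [u[len("mailto:"):].split("!")[0] for u in uris if u.lower().startswith("mailto:")]


def disposition(tags, spf_pass, dkim_pass):
    """Action for one message; spf_pass/dkim_pass are results for the From domain."""
    # Per RFC 7489, one passing (aligned) mechanism is enough to pass DMARC.
    if spf_pass or dkim_pass:
        return "deliver"
    return ACTIONS[tags["p"]]


if __name__ == "__main__":
    policy = parse_dmarc(SAMPLE_RECORD)
    print(disposition(policy, spf_pass=False, dkim_pass=False))
    print(report_addresses(policy))
```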