90% of network attacks occur via email, and it can be hard to tell whether an email is real or fake. Domain owners need to prevent unauthorized use of their domains for phishing, spoofing and business email compromise. DMARC can help determine whether an email is legitimate by using both SPF and DKIM checks.
Why publishing an SPF Record isn’t enough anymore
SPF (Sender Policy Framework) provides a check to confirm whether a sender is permitted to send on behalf of a domain. If an email fails the SPF check, the spam policy determines what to do with that message. However, SPF alone is no longer enough to prevent spoofing. There are techniques that SPF cannot protect against, which is why you should also configure DKIM and DMARC.
What added protection will be achieved by publishing a DKIM Record
DKIM (DomainKeys Identified Mail) attaches a digital signature to the header of an outbound email message, which allows inbound servers to verify that the mail is in fact coming from your domain. A public key is published in your DNS, and your mail server uses the matching private key to sign each outbound email. A receiving mail server retrieves your public key from DNS and uses it to verify the signature in the message header, which confirms whether your email is legitimate.
How DMARC uses SPF and DKIM to prevent phishing and spoofing
DMARC (Domain-based Message Authentication, Reporting, and Conformance) works with your SPF and DKIM records to ensure that your outbound messages are trusted by the receiving domains. DMARC also verifies whether inbound messages are real or fake and protects against spoofing and phishing campaigns.