SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) are three email authentication controls that you can add to your domain to make your mail harder to spoof. All three are published as DNS (Domain Name System) TXT records on your domain. Together they tell receiving mail servers which servers are allowed to send email on your behalf, let receivers verify that a message's signed headers and body were not altered in transit, and tell receivers what to do with impostors.
SPF, DKIM, and DMARC work together as follows:
1. SPF -
SPF is a DNS TXT record added to your domain that tells receiving mail servers which IP addresses or mail servers are allowed to send email for your domain. Let's take an example of how SPF works.
Firstly, the domain owner publishes the SPF record in their authoritative DNS, for example: v=spf1 ip4:1.1.1.1 include:other-domain-that-can-send-email.com -all . Here, v=spf1 marks the record as SPF; ip4: lists the IP address(es) or CIDR ranges of the mail servers allowed to send for your domain; include: pulls in the SPF record of a secondary domain (a newsletter or ticketing provider, say) that may also send for your domain; and the final all mechanism, together with its qualifier, tells the recipient server what result to return for every sender that matched nothing before it: -all means fail (reject), ~all means softfail (usually accept but mark as suspicious), and ?all means neutral.
Then the mail server receiving mail from your domain checks DNS. The domain it looks up is the one in the envelope sender (the SMTP MAIL FROM address, which ends up in the Return-Path header), not the visible From: header; tying the SPF result back to the From: header is DMARC's job. If the connecting IP address is not among the permitted ones and the record ends in -all, a hard fail occurs.
So when the recipient mail server gets an email whose envelope sender is, suppose, someone@xyz.xyz, but the IP address the mail came from is not listed in the SPF record of xyz.xyz, the recipient server will reject the email or quarantine it, depending on its local policy.
A soft fail is not what happens when the record is missing: it happens when the sending IP is not listed and the record ends in ~all. Usually a softfail causes the email to go to the spam folder, but occasionally a receiver rejects it anyway. When no SPF record exists at all, the result is "none": the receiver has no sender policy to apply and falls back on its own spam filtering (and, if the domain publishes DMARC, on DKIM).
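The evaluation described above, as an added example that is not part of the original page: a minimal SPF check_host() in Python that walks a record left to right over a constructed in-memory DNS zone. Only the mechanisms the text mentions (ip4, include, all, with the four qualifiers) are implemented; the domain names, addresses and records below are hypothetical. It makes the three distinct outcomes visible: fail from -all, softfail from ~all, and none when no record is published.

```python
"""Minimal SPF (RFC 7208) check_host() over a constructed in-memory DNS zone.

Added example, not code from the original page.  Only the mechanisms the
text mentions are implemented (ip4, include, all, with the four qualifiers);
real evaluators also handle a, mx, ip6, exists, redirect=, macros and the
10-DNS-lookup limit.  All domain names and addresses below are hypothetical.
"""
import ipaddress

# Constructed TXT records standing in for real DNS lookups.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 "
                   "include:mailer.example.net -all",
    "mailer.example.net": "v=spf1 ip4:203.0.113.5 ~all",
    "softfail.example": "v=spf1 ip4:192.0.2.99 ~all",
    # "nospf.example" deliberately publishes no SPF record
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(domain):
    """Return the domain's SPF record, or None when it publishes none."""
    rec = DNS_TXT.get(domain.lower())
    if rec is None or not rec.lower().startswith("v=spf1"):
        return None
    return rec


def envelope_domain(mail_from):
    """SPF is evaluated on the SMTP MAIL FROM (Return-Path) domain, not on From:."""
    return mail_from.rsplit("@", 1)[-1].lower()


def check_host(ip, domain, depth=0):
    """Evaluate ip sending as domain.

    Returns one of pass / fail / softfail / neutral / none / permerror,
    the result names RFC 7208 uses.
    """
    if depth > 10:
        return "permerror"          # include: loop or too many lookups
    record = lookup_spf(domain)
    if record is None:
        return "none"               # no record at all: NOT a softfail
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the v=spf1 version tag
        qualifier = "+"              # a bare mechanism defaults to "+" (pass)
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            net = ipaddress.ip_network(arg, strict=False)   # "1.2.3.4" means /32
            matched = addr.version == 4 and addr in net
        elif mech == "include":
            sub = check_host(ip, arg, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"  # RFC 7208 s5.2: missing included record is an error
            matched = sub == "pass"  # include: matches only on pass, never on fail/softfail
        else:
            return "permerror"      # mechanism this toy does not implement
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"                # ran off the end with no all term


def check_mail(ip, mail_from):
    """What a receiver does for one SMTP transaction."""
    return check_host(ip, envelope_domain(mail_from))


if __name__ == "__main__":
    for ip, sender in [("192.0.2.10", "bounces@example.com"),
                       ("203.0.113.5", "bounces@example.com"),
                       ("203.0.113.9", "bounces@example.com"),
                       ("192.0.2.1", "news@softfail.example"),
                       ("192.0.2.1", "x@nospf.example")]:
        print(f"{ip:>14} as {sender:<24} -> {check_mail(ip, sender)}")
```

Note the include: branch: a softfail or fail inside the included domain does not propagate; only a pass matches, and the outer record's own -all then decides. That is why a provider's ~all does not weaken your -all.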
2. DKIM -
DKIM (DomainKeys Identified Mail) is an email signing method that uses public-key cryptography to verify that a message really was signed by the domain it claims and that its signed contents have not been altered. While SPF deals with the authenticity of an email's source, DKIM ensures the signed headers and body haven't been altered by any unauthorized third party. It does this by attaching a DKIM-Signature header to outgoing messages, which receiving email systems use to discern whether the email's content has been changed.
Because it uses public-key cryptography, the email sender publishes their public key as a DNS TXT record at <selector>._domainkey.<domain> in the domain's authoritative DNS (the selector lets a domain run several keys at once and rotate them). Then, when an email is sent, the sending server adds the DKIM-Signature header to the message.
The signature is produced by canonicalising the message, hashing the body (the bh= tag), hashing the selected headers (at least From:, listed in the h= tag) together with that body hash, and signing the result with the private key (the b= tag). The private key signs a hash; it does not "hash" the message itself.
The recipient fetches the public key named by the d= and s= tags, recomputes the same hashes over the message as received, and checks the signature against them. If anything in the signed headers or the body was changed in transit, the hashes no longer match and verification fails.
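The body-hash half of that verification, as an added example that is not part of the original page: standard-library Python that canonicalises a message body the way RFC 6376 prescribes, recomputes bh=, and compares it with the DKIM-Signature header. The b= signature itself is not checked here (that needs the public key from DNS and an RSA or Ed25519 library), so the constructed message carries a placeholder b= value; the addresses, domain example.com, selector s1 and helper names are assumptions.

```python
"""DKIM body-hash verification (the bh= tag of RFC 6376), standard library only.

Added example, not code from the original page.  It shows the part of DKIM
that catches a tampered body: canonicalise the body, hash it, compare with
bh= in the DKIM-Signature header.  The b= tag (the RSA or Ed25519 signature
over the selected headers plus bh=) is NOT verified here; that needs the
public key from <selector>._domainkey.<domain> and an asymmetric-crypto
library, so b= carries a placeholder in the constructed message below.
Addresses and domains are hypothetical.
"""
import base64
import hashlib
import re


def canonicalize_body(body, method="relaxed"):
    """RFC 6376 s3.4.3 (simple) / s3.4.4 (relaxed) body canonicalisation.

    Both strip trailing empty lines and end a non-empty body with CRLF;
    relaxed additionally collapses runs of whitespace and trims line ends,
    so that benign MTA reformatting does not break the signature.
    """
    lines = body.split("\r\n")
    if method == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" \t") for ln in lines]
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return "\r\n" if method == "simple" else ""
    return "\r\n".join(lines) + "\r\n"


def body_hash(body, method="relaxed", algo="sha256"):
    """Base64 digest of the canonicalised body: the value a signer puts in bh=."""
    digest = hashlib.new(algo, canonicalize_body(body, method).encode()).digest()
    return base64.b64encode(digest).decode()


def split_message(raw):
    """Split a CRLF message into ({lowercased-name: value}, body), unfolding headers."""
    head, _, body = raw.partition("\r\n\r\n")
    headers, last = {}, None
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and last is not None:
            headers[last] += " " + line.strip()      # folded continuation line
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        headers[last] = value.strip()
    return headers, body


def parse_dkim_tags(header_value):
    """Parse 'tag=value; tag=value'; whitespace inside values is ignored, per the RFC."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags


def verify_body_hash(raw_message):
    """True if the body still matches bh=; False means the body was altered."""
    headers, body = split_message(raw_message)
    sig = parse_dkim_tags(headers["dkim-signature"])
    c = sig.get("c", "simple/simple")
    body_canon = c.split("/")[1] if "/" in c else "simple"  # c=header/body
    algo = sig.get("a", "rsa-sha256").split("-")[-1]         # rsa-sha256 -> sha256
    return body_hash(body, body_canon, algo) == sig["bh"]


def make_signed_message(body, domain="example.com", selector="s1"):
    """Constructed message with a correct bh= (what the signing MTA would emit)."""
    return (
        "From: alice@example.com\r\n"
        "To: bob@example.net\r\n"
        "Subject: invoice\r\n"
        f"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d={domain}; s={selector};\r\n"
        f" h=from:to:subject; bh={body_hash(body)}; b=PLACEHOLDER\r\n"
        "\r\n" + body
    )


ORIGINAL = make_signed_message("Please pay 100 EUR to account 42.\r\n")
TAMPERED = ORIGINAL.replace("account 42", "account 99")   # attacker edits body in transit
REWRAPPED = ORIGINAL.replace("100 EUR", "100   EUR")     # harmless whitespace change


if __name__ == "__main__":
    print("original :", verify_body_hash(ORIGINAL))    # True
    print("tampered :", verify_body_hash(TAMPERED))    # False
    print("rewrapped:", verify_body_hash(REWRAPPED))   # True (relaxed canonicalisation)
```

The REWRAPPED case is the reason c=relaxed/relaxed is the common choice: whitespace churn by intermediate servers still verifies, while a one-character change to the payment details does not. A full verifier would additionally rebuild the header hash over the h= headers and the DKIM-Signature header itself (with b= emptied) and check b= with the published key.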
3. DMARC -
DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on both SPF and DKIM by adding a policy and reporting layer. It enables domain owners to take remedial action if unauthorized messages are being sent in their name. In short, a DMARC record is a TXT record published at _dmarc.<domain> that tells your email recipients how they should handle messages that fail authentication, and where to send aggregate (rua=) and failure (ruf=) reports so the owner can see who is sending as their domain. It is a way for email senders to help cut down on spoofing and phishing.
What DMARC adds to the two underlying checks is alignment: the domain that passed SPF (the MAIL FROM domain) or DKIM (the d= tag) must match the domain in the visible From: header, either exactly (strict, adkim=s / aspf=s) or by sharing the same organizational domain (relaxed, the default). This closes the gap where an attacker passes SPF or DKIM for a domain they control while displaying your domain in From:, which is the address the user actually sees.
Let's take an example to understand it. When a mail server receives an email, it first looks up the DMARC record for the From: domain. Then it evaluates SPF and DKIM. DMARC passes if at least one of the two passes and is aligned with the From: domain; only if neither does is the message failing DMARC, and the server then applies the published policy: p=none (deliver, just report), p=quarantine (deliver to spam) or p=reject (refuse the message).
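The DMARC decision described above, as an added example that is not part of the original page: Python that takes the SPF and DKIM results a receiver already has, checks alignment against the From: domain, and returns the DMARC result and disposition. The record at _dmarc.example.com, every domain name, and the helper names are hypothetical; pct= and the Public Suffix List are simplified away.

```python
"""DMARC (RFC 7489) policy evaluation on top of SPF and DKIM results.

Added example, not code from the original page.  A receiver already has an
SPF result (with the MAIL FROM domain it was computed for) and a DKIM result
(with the d= domain of the signature); this code adds the DMARC steps:
look up _dmarc.<From domain>, check alignment, pass if at least one aligned
mechanism passed, otherwise apply p= (or sp= for subdomains).  The record
contents and every domain name below are hypothetical; pct= and the
Public Suffix List are simplified away.
"""

# Constructed TXT records standing in for real DNS lookups.
DNS_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=quarantine; sp=reject; adkim=s; aspf=r; "
                          "rua=mailto:dmarc-agg@example.com; ruf=mailto:dmarc-fail@example.com",
    # "nodmarc.example" publishes no DMARC record
}


def org_domain(domain):
    """Organizational domain, simplified to the last two labels.

    Real receivers use the Public Suffix List so that mail.example.co.uk
    maps to example.co.uk rather than to co.uk.
    """
    return ".".join(domain.lower().split(".")[-2:])


def lookup_dmarc(from_domain):
    """Try _dmarc.<from_domain>, then _dmarc.<org domain> (RFC 7489 s6.6.3)."""
    for d in (from_domain.lower(), org_domain(from_domain)):
        rec = DNS_TXT.get("_dmarc." + d)
        if rec and rec.startswith("v=DMARC1"):
            return rec
    return None


def parse_dmarc(record):
    """Parse 'tag=value; ...' and fill in the RFC defaults for alignment."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("malformed DMARC record")
    tags.setdefault("adkim", "r")     # alignment defaults to relaxed
    tags.setdefault("aspf", "r")
    return tags


def aligned(identifier_domain, from_domain, mode):
    """Strict ('s'): exact match.  Relaxed ('r'): same organizational domain."""
    if not identifier_domain:
        return False
    if mode == "s":
        return identifier_domain.lower() == from_domain.lower()
    return org_domain(identifier_domain) == org_domain(from_domain)


def evaluate_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_result, disposition).

    dmarc_result is 'pass', 'fail' or 'none' (no record published);
    disposition is what the receiver should do: 'none', 'quarantine' or 'reject'.
    """
    record = lookup_dmarc(from_domain)
    if record is None:
        return "none", "none"
    policy = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"        # one aligned pass is enough
    disposition = policy["p"]
    if from_domain.lower() != org_domain(from_domain) and "sp" in policy:
        disposition = policy["sp"]   # subdomain policy, e.g. for news.example.com
    return "fail", disposition


if __name__ == "__main__":
    cases = [
        # From domain, SPF result, MAIL FROM domain, DKIM result, d= domain
        ("example.com", "pass", "bounce.example.com", "fail", None),          # SPF aligned (relaxed)
        ("example.com", "fail", "bounce.example.com", "pass", "example.com"), # DKIM aligned (strict)
        ("example.com", "pass", "attacker.example", "fail", None),            # SPF pass, unaligned
        ("example.com", "fail", "example.com", "pass", "mailer.example.net"), # third-party DKIM
        ("news.example.com", "fail", "example.com", "fail", None),            # subdomain -> sp=
        ("nodmarc.example", "fail", "nodmarc.example", "fail", None),
    ]
    for c in cases:
        print(c[0], evaluate_dmarc(*c))
```

The third case is the one DMARC exists for: the attacker's own domain passes SPF perfectly, but because it does not align with the From: domain the message still fails and is quarantined. The fourth shows why bulk-mail providers must sign with your d= domain (or have an aligned MAIL FROM) rather than their own.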