What are DMARC, DKIM and SPF? Why should your company adopt them?

Updated at: Jul 29, 2020
By Gatefy


DMARC, DKIM and SPF are email authentication protocols. They strengthen your company's email security against domain spoofing and also improve your email deliverability, because receiving servers treat authenticated mail with more confidence. All three are published as TXT records in the DNS zone of your domain name; DKIM additionally requires your outgoing mail server to sign the messages it sends.

We won't lie. Deploying DMARC, DKIM and SPF may not be that simple. But it's very worthwhile and, to make it easier, there are tools that simplify the adoption of these protocols.

Once you understand the importance of SPF, DKIM and DMARC and how they complement each other and act on email protection, you realize that it's worth the investment in learning about them and how to adopt them.

To start, what is SPF?

Sender Policy Framework (SPF) is an email authentication protocol that lets a company declare which mail servers may send email on behalf of its domain. In practice, you publish a DNS TXT record listing the IP addresses (or the hostnames that resolve to them) that are allowed to send mail using your domain, and the receiving server checks the IP address of the connecting server against that list.

SPF is widely used to prevent impersonation attacks, in which someone sends mail claiming to come from your domain. It is therefore a useful control against phishing, social engineering and spam campaigns. One caveat: SPF is evaluated on the domain of the SMTP envelope sender (MAIL FROM, also known as Return-Path), not on the From: address the recipient sees, so on its own it does not protect the visible sender; that is the gap DMARC closes.

To learn more about SPF, visit openspf.org.
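The following is an added example, not code from the original article or from Gatefy: a small SPF evaluator in Python that follows the RFC 7208 semantics for the ip4, ip6, a, mx, include and all mechanisms, including the ten-lookup limit. The DNS answers come from a constructed in-memory zone for hypothetical domains (example.com, _spf.mailhost.example, mail.example.com, loop.example) so that it runs offline; a real evaluator would query live DNS instead. It also shows why the envelope sender, not the From: header, is what SPF checks.

```python
import ipaddress

# Constructed DNS zone for an offline demonstration (hypothetical domains).
# In a real evaluator these TXT/A/MX answers come from live DNS queries.
ZONE = {
    "example.com": {
        "txt": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 "
               "include:_spf.mailhost.example a -all",
        "a": ["198.51.100.10"],
    },
    "_spf.mailhost.example": {"txt": "v=spf1 ip4:203.0.113.0/24 ~all"},
    "mail.example.com": {"txt": "v=spf1 mx -all", "mx": ["mx1.example.com"]},
    "mx1.example.com": {"a": ["198.51.100.20"]},
    # A record that includes itself: must end in permerror, not loop forever.
    "loop.example": {"txt": "v=spf1 include:loop.example -all"},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4


def lookup(name, rtype):
    """Offline stand-in for a DNS query against the constructed ZONE."""
    return ZONE.get(name, {}).get(rtype, None if rtype == "txt" else [])


def check_host(ip, domain, _state=None):
    """Evaluate the SPF record of `domain` for the connecting address `ip`.

    Returns pass/fail/softfail/neutral/none/permerror for the subset of
    mechanisms implemented here (ip4, ip6, a, mx, include, all)."""
    state = _state if _state is not None else {"lookups": 0}
    record = lookup(domain, "txt")
    if record is None:
        return "none"                       # no SPF record published
    addr = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    for term in terms[1:]:
        qualifier = "+"                     # default qualifier is "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("a", "mx", "include"):  # mechanisms that cost a DNS lookup
            state["lookups"] += 1
            if state["lookups"] > MAX_DNS_LOOKUPS:
                return "permerror"
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:                            # an IPv6 address never matches ip4
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "a":
            matched = str(addr) in lookup(arg or domain, "a")
        elif name == "mx":
            hosts = lookup(arg or domain, "mx")
            matched = any(str(addr) in lookup(h, "a") for h in hosts)
        elif name == "include":
            # Only a "pass" from the included record matches this term;
            # fail/softfail/neutral simply fall through to the next term.
            sub = check_host(ip, arg, state)
            if sub in ("permerror", "none"):
                return "permerror"
            matched = sub == "pass"
        else:
            return "permerror"              # unknown mechanism
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                        # nothing matched and no "all" term


def spf_result(ip, mail_from):
    """SPF is evaluated on the envelope sender (MAIL FROM / Return-Path),
    never on the From: header the recipient sees."""
    domain = mail_from.rpartition("@")[2].lower()
    return check_host(ip, domain)


if __name__ == "__main__":
    for ip in ("192.0.2.7", "2001:db8:1::1", "203.0.113.9", "198.51.100.99"):
        print(ip, "->", spf_result(ip, "bounces@example.com"))
```

A message whose From: header says alice@example.com but whose envelope sender is bounces@attacker.example would be evaluated against attacker.example's record, which is exactly why SPF alone is not enough against display-name and header spoofing.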

What is DKIM?

DomainKeys Identified Mail (DKIM) is an email authentication protocol based on digital signatures. It lets the receiver verify that the signed headers and the body of a message were not altered after the sending domain signed it, and that the signing domain has taken responsibility for the message.

In practice, DKIM works with a key pair. The sending mail server uses the private key to compute a signature over selected headers and a hash of the body, and adds the result to the message in a DKIM-Signature header. The public key, published in the domain's DNS under a selector name, is used by the receiving server to verify that signature. Signing is not encryption: the message itself travels in clear text, and the signature only proves origin and integrity.

DKIM is widely used to detect tampering in transit and to fight BEC (Business Email Compromise) scams, since a valid signature shows that the message has not been modified between the signing server and the recipient. It does not by itself stop a fraudster from sending a correctly signed message from a look-alike domain; tying the signing domain to the visible From: domain is DMARC's job.

To learn more about DKIM, visit dkim.org.
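The following is an added example, not code from the original article or from Gatefy: the deterministic part of DKIM signing and verification in Python, using only the standard library. It implements RFC 6376 relaxed canonicalization for headers and body, computes the body hash (bh= tag) on the signer side, builds the exact byte string the signature (b= tag) covers, and on the receiver side checks the body hash against the received body, so a modified invoice amount is detected while harmless whitespace rewrapping by an intermediate server is not. The RSA signing and verification of that byte string needs key material and a cryptography library, so it is deliberately left out; the message, domain (example.com) and selector (sel2020) are constructed for the example.

```python
import base64
import hashlib
import re


def canon_body_relaxed(body):
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization: strip trailing
    whitespace per line, collapse runs of whitespace to one space, drop
    trailing empty lines, end every remaining line with CRLF."""
    lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t"))
             for line in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(line + "\r\n" for line in lines)


def canon_header_relaxed(name, value):
    """RFC 6376 section 3.4.2: lowercase the name, unfold continuation lines,
    collapse whitespace, trim, and terminate with CRLF."""
    value = re.sub(r"\r\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip(" \t")
    return f"{name.lower()}:{value}\r\n"


def body_hash(body):
    """The bh= tag: base64(SHA-256) of the canonicalized body."""
    digest = hashlib.sha256(canon_body_relaxed(body).encode()).digest()
    return base64.b64encode(digest).decode()


def parse_tags(sig_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = re.sub(r"\s+", "", v)
    return tags


def build_dkim_signature(body, domain, selector, signed_headers):
    """Signer side: the DKIM-Signature value with b= still empty. Real DKIM
    then RSA-signs signing_input() with the private key and fills in b=."""
    tags = ["v=1", "a=rsa-sha256", "c=relaxed/relaxed", f"d={domain}",
            f"s={selector}", "h=" + ":".join(signed_headers),
            f"bh={body_hash(body)}", "b="]
    return "; ".join(tags)


def signing_input(headers, sig_value):
    """The data the b= signature covers: the headers listed in h= (last
    occurrence first, as RFC 6376 requires), then the DKIM-Signature header
    itself with an empty b= and no trailing CRLF."""
    tags = parse_tags(sig_value)
    out, used = "", set()
    for wanted in tags["h"].split(":"):
        for i in range(len(headers) - 1, -1, -1):
            if headers[i][0].lower() == wanted.lower() and i not in used:
                used.add(i)
                out += canon_header_relaxed(*headers[i])
                break
    stripped = re.sub(r"(^|;\s*)b=[^;]*", r"\1b=", sig_value)
    return out + canon_header_relaxed("DKIM-Signature", stripped).rstrip("\r\n")


def verify_body_hash(sig_value, body):
    """Receiver side: does the received body still match the signed bh=?"""
    return parse_tags(sig_value).get("bh") == body_hash(body)


# Constructed sample message (not a real capture).
HEADERS = [("From", "Alice <alice@example.com>"),
           ("To", "bob@example.net"),
           ("Subject", "Invoice   42")]
BODY = "Please pay 100 EUR to account 123.\r\n\r\n"
TAMPERED_BODY = "Please pay 900 EUR to account 666.\r\n"
REWRAPPED_BODY = "Please pay  100 EUR to account 123. \r\n\r\n\r\n"
SIGNATURE = build_dkim_signature(BODY, "example.com", "sel2020",
                                 ["from", "to", "subject"])

if __name__ == "__main__":
    print("original :", verify_body_hash(SIGNATURE, BODY))
    print("tampered :", verify_body_hash(SIGNATURE, TAMPERED_BODY))
    print("rewrapped:", verify_body_hash(SIGNATURE, REWRAPPED_BODY))
    print(signing_input(HEADERS, SIGNATURE))
```

Note that only the headers named in h= are protected: a header the signer left out of that list (Reply-To is a common omission) can be added or changed in transit without invalidating the signature, so choose the signed header set deliberately.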

What is DMARC?

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email security protocol built on top of SPF and DKIM. It standardizes how receivers combine the two results and adds the alignment check that neither protocol performs on its own: the domain in the visible From: header must match the domain that SPF authenticated or the domain that signed the DKIM signature.

In practice, a DMARC record tells receiving servers what to do with messages that fail authentication: monitor only (p=none), deliver them to the spam folder (p=quarantine) or refuse them (p=reject). In addition, receivers send reports to the domain owner (aggregate reports to the address in the rua tag, and failure reports to the ruf address), giving the owner visibility and control over how the domain and brand are being used.

To learn more about DMARC, visit dmarc.org.
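The following is an added example, not code from the original article or from Gatefy: a DMARC policy evaluator in Python that takes the SPF and DKIM results together with the domains they authenticated, applies relaxed or strict alignment against the From: domain, falls back from the exact From: domain to the organizational domain's record (using sp= for subdomains), and returns the disposition. The DMARC records are constructed for hypothetical domains (example.com, example.org) and kept in memory in place of the _dmarc.<domain> TXT lookups; the organizational-domain function is a simplification that assumes a single-label public suffix, where a real implementation would consult the Public Suffix List. The pct= sampling tag is parsed but not applied.

```python
# Constructed DMARC records for hypothetical domains; a real receiver fetches
# the TXT record at _dmarc.<domain>.
DMARC_RECORDS = {
    "example.com": ("v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=s; "
                    "pct=100; rua=mailto:dmarc@example.com"),
    "example.org": "v=DMARC1; p=none; rua=mailto:reports@example.org",
}


def parse_dmarc(record):
    """Parse a DMARC record into tags, filling in the RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")       # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")        # relaxed SPF alignment by default
    tags.setdefault("sp", tags["p"])    # subdomain policy inherits p=
    tags.setdefault("pct", "100")
    return tags


def org_domain(domain):
    """Organizational domain. Simplification: assumes a one-label public
    suffix; real code must use the Public Suffix List (think co.uk)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict alignment needs an exact match; relaxed accepts the same
    organizational domain (so mail.example.com aligns with example.com)."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def find_policy(from_domain):
    """Return (policy, is_subdomain). DMARC looks up the exact From: domain
    first and then falls back to the organizational domain's record."""
    from_domain = from_domain.lower()
    if from_domain in DMARC_RECORDS:
        return parse_dmarc(DMARC_RECORDS[from_domain]), False
    org = org_domain(from_domain)
    if org in DMARC_RECORDS:
        return parse_dmarc(DMARC_RECORDS[org]), True
    return None, False


def evaluate(from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """DMARC disposition: 'none' (no policy published), 'pass', or the
    requested action on failure: 'monitor', 'quarantine' or 'reject'."""
    policy, is_sub = find_policy(from_domain)
    if policy is None:
        return "none"
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass"                   # one aligned pass is enough
    action = policy["sp"] if is_sub else policy["p"]
    return "monitor" if action == "none" else action


if __name__ == "__main__":
    # A spoofed From: example.com sent through the attacker's own SPF-passing
    # server still fails DMARC, because the SPF domain is not aligned.
    print(evaluate("example.com", "pass", "attacker.example", "none", ""))
    print(evaluate("example.com", "pass", "bounce.example.com", "pass", "mail.example.com"))
```

The second call in the usage shows a common production setup: the envelope sender is a bounce subdomain (which strict aspf=s rejects) while the DKIM signature is aligned under relaxed adkim=r, so the message passes on the DKIM leg alone.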

Why your company should adopt DMARC, SPF and DKIM

Email is so popular that it has become the main vector for cyber threats. Data from Verizon point out, for example, that out of every 10 malware infection attempts, 9 happen via emails.

According to the FBI, phishing, which usually arrives via email, is the most frequently reported type of cybercrime in the world.

Besides that, BEC attacks accounted for almost half of all the losses caused by cyber attacks in the past year: in 2019, BEC scams caused losses of USD 1.7 billion.

In other words, one of the main reasons for adopting DMARC, SPF and DKIM is precisely to block threats, such as spam, phishing, BEC, impersonation and C-level scams.

Together, these three email security protocols prevent your company's domain from being used in scams and fraud that can affect your employees, customers, and partners.

Other reasons for implementing DMARC, SPF and DKIM are to make your emails trustworthy for receivers, to gain visibility over who is sending mail in your domain's name, and to improve your email deliverability.

Governments from several countries have been adopting DMARC

In recent years, governments from several countries have invested heavily in the adoption of DMARC.

It all started with the UK in 2016, requiring government agencies to implement DMARC and other email security protocols.

In 2017, it was the United States' turn. In 2018, the governments of the Netherlands and New Zealand also made the same demand on DMARC's adoption. In 2019, Australia did as well.

This year, in 2020, Canada and Denmark are implementing a policy of massive adoption of protection for government email domains.

Thanks to DMARC, the UK has already prevented around 80 million spoofed and fake emails from reaching government domains within a single year. It's an impressive number.

If governments are adopting DMARC, why couldn't your company adopt it too?

How to deploy DMARC, DKIM and SPF

We always recommend implementing DMARC, DKIM and SPF in stages. The easiest order is to start with SPF, then add DKIM signing and, finally, publish DMARC, beginning with a monitoring policy (p=none) and moving to quarantine and then reject only after the reports show that all of your legitimate mail passes and aligns.

To avoid misconfiguration, other errors, and wasted time and money, you need to study the protocols in detail. DKIM and DMARC, in particular, are known to be difficult to set up: a typo in an SPF record, a forgotten third-party sender, or a p=reject policy published too early can cause your own legitimate mail to be rejected.
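As an added illustration of the staged rollout above, not taken from the original article, here is what the three records look like in a DNS zone file for a hypothetical domain example.com with a hypothetical DKIM selector sel2020 and an assumed third-party mail provider at _spf.mailhost.example. The public key value is a placeholder for the base64-encoded key your mail server generates.

```zone
; Stage 1: SPF. List every host that legitimately sends as example.com
; (including third-party providers via include:) and end with -all.
example.com.                    IN TXT "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"

; Stage 2: DKIM. Publish the public key under the selector the mail server
; signs with; the server adds DKIM-Signature headers with d=example.com s=sel2020.
sel2020._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=<base64-encoded RSA public key>"

; Stage 3a: DMARC in monitoring mode. Nothing is blocked yet; aggregate reports
; go to the rua address so you can find senders that do not yet pass or align.
_dmarc.example.com.             IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com"

; Stage 3b: once the reports are clean, tighten gradually. Replace the record
; above with one of these in turn (pct= limits how much failing mail is affected).
; _dmarc.example.com.           IN TXT "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com"
; _dmarc.example.com.           IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
```

Keep the record at each stage long enough to receive reports from the large mailbox providers, and check that every legitimate source (newsletters, ticketing systems, CRM) either signs with your DKIM key or sends from an SPF-listed host with an aligned envelope domain before moving on.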

The good news is that there are solutions that facilitate this deployment. With the help of Gatefy Anti-Fraud Protection, your company adopts DMARC, DKIM and SPF easily and quickly. It's really simple.

This way, you have visibility and control over your domains, including receiving information about any malicious activity that may affect your employees, customers and partners.

Read more about our DMARC solution here.