SPF (Sender Policy Framework) has been around for a decade, but there are still many organizations that don’t have it implemented or are just beginning the journey. With email-borne threats making up the majority of attacks against both large and small organizations, SPF has been and still is an excellent starting point for authenticating the source of your email.
So what is SPF? SPF is a simple email validation mechanism that lets a receiving email server determine whether incoming mail comes from a host (IP address) that the domain's administrators have authorized. Based on the SPF result, the receiving email server can essentially accept the traffic or reject it. We won’t get into the detail of the other two results, softfail and neutral. Nevertheless, it is the latter outcome, rejection, that can send shivers through most marketing executives and business people. Even the term “softfail” has connotations of some kind of failure. Email is no longer used just for internal communication but is an essential tool for the operations of a business. We covered this topic in a previous blog, “Email – No Longer Set and Forget”. Email must continue to flow!!
How can DMARC make SPF implementation easier and more successful? The implementation of DMARC takes less than 30 minutes to complete. The key aspects that will help SPF implementation include:
1. DMARC to perform audit
SPF is a great starting point for adding security to your email domains, but unfortunately it is not perfect. See “The Fundamental flaw in Email”. DMARC can be viewed as an umbrella process that checks a domain’s SPF result (for the RFC 5321 Mail From domain) and, to a lesser extent, its DKIM record before applying its own validation process.
DMARC in pass-through mode (the other modes being quarantine and reject) also identifies all the other sources that use your email domains to send email to your customers on your behalf. These may include marketing applications such as Mailchimp or ExactTarget, or even an accounting package that sends invoices, such as Xero.com. DMARC looks at both the RFC 5321 Mail From and the RFC 5322 From addresses of the email before acting on the requirements in the record.
In other words, DMARC conducts an audit of all the sources, internal and external, that send email using your email domains.
In the diagram (from dmarcian’s tool), we can discover the sources of your domain’s email across a number of providers and specific timelines. Such a tool is essential to monitor the progress of the SPF implementation and to capture ALL email sources.
2. DMARC to check SPF record
The other key benefit of implementing DMARC in pass-through mode during the SPF implementation project is that it identifies any issue with the SPF record using a simple traffic light model: green is OK, yellow is a warning indicating a non-fatal error, and red indicates a fatal error where SPF cannot be used as part of the email domain authentication process. The diagram, again from dmarcian's dashboard, shows the existing state of DMARC, SPF and DKIM.
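To make the two checks described above concrete (the alignment of the RFC 5321 Mail From and RFC 5322 From identifiers under a none/quarantine/reject policy from section 1, and the green/yellow/red record check from section 2), here is an added Python example. It is not code from the original post or from dmarcian. The domains, IP addresses, SPF records and DMARC records are constructed documentation values held in an in-memory ZONE dict that stands in for DNS; only the ip4, ip6, include and all mechanisms are evaluated, DKIM is omitted, and the organisational-domain rule is a two-label simplification rather than a Public Suffix List lookup.

```python
import ipaddress

# Constructed zone data for fictional domains (RFC 2606 names, RFC 5737/3849 addresses).
# Names are resolved from this dict instead of DNS so the example runs offline.
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example ~all",
    "mail.example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 -all",
    "loose.example": "v=spf1 ip4:192.0.2.1 +all",
    "broken.example": "ip4:192.0.2.1 -all",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "_dmarc.strict.example": "v=DMARC1; p=reject; aspf=s",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
KNOWN = {"ip4", "ip6", "include", "all"}   # a, mx, ptr, exists and redirect= are not implemented


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("missing v=spf1 version tag")
    parsed = []
    for term in terms[1:]:
        qual = "+"                                   # no qualifier means "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qual, mech.lower(), arg))
    return parsed


def check_spf(ip, domain, zone, lookups=None):
    """Evaluate the sending IP against the domain's SPF record as a receiving MTA would:
    returns pass, fail, softfail, neutral, none or permerror."""
    lookups = [0] if lookups is None else lookups    # DNS-lookup counter shared by includes
    record = zone.get(domain.lower())
    if record is None:
        return "none"
    try:
        terms = parse_spf(record)
    except ValueError:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for qual, mech, arg in terms:
        if mech in ("ip4", "ip6"):
            # membership is False across address families, so ip4 never matches an IPv6 sender
            if addr in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif mech == "include":
            lookups[0] += 1
            if lookups[0] > 10:                      # RFC 7208 limit on DNS-querying terms
                return "permerror"
            inner = check_spf(ip, arg, zone, lookups)
            if inner == "pass":
                return QUALIFIERS[qual]
            if inner in ("none", "permerror"):       # a broken include breaks the whole record
                return "permerror"
        elif mech == "all":
            return QUALIFIERS[qual]
        else:
            return "permerror"
    return "neutral"                                 # no term matched


def lint_spf(domain, zone):
    """Traffic-light check of the record itself: green (OK), yellow (warning) or red (fatal)."""
    record = zone.get(domain.lower())
    if record is None:
        return "red", "no SPF record published"
    try:
        terms = parse_spf(record)
    except ValueError as exc:
        return "red", str(exc)
    for qual, mech, _ in terms:
        if mech not in KNOWN:
            return "red", f"unsupported mechanism '{mech}'"
        if mech == "all" and qual in ("+", "?"):
            return "yellow", f"'{qual}all' lets any host through"
    if terms[-1][1] != "all":
        return "yellow", "record does not end with an 'all' term"
    return "green", "record parses cleanly"


def org_domain(domain):
    # Simplification: last two labels stand in for the organisational domain (real DMARC uses the PSL)
    return ".".join(domain.lower().split(".")[-2:])


def dmarc_disposition(ip, mail_from, header_from, zone):
    """Combine the SPF result with DMARC identifier alignment and the published policy.
    DKIM is left out, so a message can pass DMARC here only through aligned SPF."""
    mf_domain = mail_from.rsplit("@", 1)[1].lower()     # RFC 5321 Mail From (envelope)
    hf_domain = header_from.rsplit("@", 1)[1].lower()   # RFC 5322 From (header)
    spf = check_spf(ip, mf_domain, zone)
    record = zone.get("_dmarc." + hf_domain)
    tags = dict(kv.strip().split("=", 1) for kv in (record or "").split(";") if "=" in kv)
    policy = tags.get("p", "none")
    strict = tags.get("aspf", "r") == "s"
    aligned = mf_domain == hf_domain if strict else org_domain(mf_domain) == org_domain(hf_domain)
    dmarc = "none" if record is None else ("pass" if spf == "pass" and aligned else "fail")
    action = policy if dmarc == "fail" and policy != "none" else "deliver"
    return {"spf": spf, "aligned": aligned, "dmarc": dmarc, "policy": policy, "action": action}
```

The thing to observe is the `action` field: a message from an unlisted host that softfails SPF against `example.com` (policy `p=none`) is still delivered, which is why pass-through mode is safe while the SPF record is still being filled in, whereas the same message evaluated against the `p=reject` domain with strict alignment is rejected. `lint_spf` reproduces the traffic-light idea for the record itself, flagging a missing version tag or unsupported term as red and a `+all` as yellow.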
SPF and DMARC like “bread and butter”
Monitoring the progress of any change during the implementation phase is what more or less guarantees the success of that change. Implementation of DMARC takes less than 30 minutes, well worth the effort for a successful SPF implementation project.
By Con Lokos