This article gives a brief introduction to the email-validation protocols used to identify spam or fraudulent email, and lists the commands used to query their records.
SPF
SPF, or Sender Policy Framework, is an email-validation protocol designed to detect and block email spoofing. It is only for a top-level domain (it automatically authorizes the subdomains that come under it), and its length is less than 255 characters. An SPF record is a text record in the DNS records. Suppose A is a sender and B is a receiver. When A sends an email to B, the DNS of B will look into the list of SPF and verify whether A's SPF is present in the list or not. If SPF is present but the IP address is not in the records, it is considered a hard fail.
If no SPF exists, it is a soft fail.
The command used to query SPF records is:
nslookup -type=txt domain
DKIM
DKIM, or DomainKeys Identified Mail, is also used to identify spoofed mail. It uses encryption keys: a private key and a public key. The private key is held only by the sender. The private key is used to generate a digital signature, and this signature is attached to the email that is sent to the receiver. On the receiver's side, the signature is checked against the public key. The public key is stored in the public-facing DNS records. If the records match, the mail is received; otherwise it is categorized as spam.
The command used to query DKIM records is:
>nslookup
>set q=txt
>selector._domainkey.domain
DMARC
Domain-Based Message Authentication, Reporting and Conformance is an authentication method that uses both SPF and DKIM. In order for DMARC to pass, both DKIM and SPF must pass or at least one of them must be aligned.
The command used to query DMARC records is:
nslookup -type=txt _dmarc.domain
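To read what the three lookups above return, the following added example (not part of the original article) picks the SPF, DKIM and DMARC records out of TXT answers and extracts their main fields. The TXT strings are constructed samples for the reserved domain example.com, and the function names are hypothetical; it assumes the DKIM record carries the optional v=DKIM1 tag.

```python
# Added example: interpret TXT answers from the SPF, DKIM and DMARC lookups.
# All records below are constructed samples, not real DNS data.
SAMPLE_TXT = {
    "example.com": [
        "site-verification=constructed-token",  # unrelated TXT record, ignored
        "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    ],
    "selector._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
}

# Qualifier prefixes on SPF terms and the result names RFC 7208 gives them.
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def parse_spf(record):
    """Return the SPF terms and the result the 'all' term assigns to other senders."""
    terms = record.split()[1:]  # drop the leading "v=spf1"
    result = {"type": "spf", "terms": terms, "all": None}
    for term in terms:
        if term.lower().lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in SPF_QUALIFIERS else "+"
            result["all"] = SPF_QUALIFIERS[qualifier]
    return result


def inspect_txt(txt_records):
    """Pick SPF, DKIM and DMARC records out of a list of TXT strings."""
    found = []
    for record in (r.strip() for r in txt_records):
        if record.lower() == "v=spf1" or record.lower().startswith("v=spf1 "):
            found.append(parse_spf(record))
        elif record.startswith("v=DKIM1"):
            tags = parse_tags(record)
            # An empty p= tag means the key has been revoked (RFC 6376).
            found.append({"type": "dkim", "key_type": tags.get("k", "rsa"),
                          "has_key": bool(tags.get("p"))})
        elif record.startswith("v=DMARC1"):
            tags = parse_tags(record)
            found.append({"type": "dmarc", "policy": tags.get("p"),
                          "reports_to": tags.get("rua")})
    return found
```

Paste the quoted strings from the nslookup output into a list and pass it to inspect_txt to see which record type each one is and what it declares.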
For a demonstration, click here.
