DKIM & DMARC Authentication: Questions & Answers
The simple answer?… Yes. DKIM and DMARC are types of email authentication that prove you aren’t sending a message on behalf of someone else. Email phishing and spam use forged “from” addresses. DKIM and DMARC are ways to ensure an email isn’t forged.
What Are DKIM & DMARC?
DKIM stands for DomainKeys Identified Mail.
DMARC stands for Domain-Based Message Authentication, Reporting and Conformance.
Why Do We Need To Use DKIM Authentication?
Spammers will forge headers or other aspects of an email to make it look as if it came from a legitimate source. DKIM was created to fight spam. It uses a digital signature to help you determine whether an email is legitimate.
DKIM authenticates three different things:
- The content of an email hasn’t been tampered with.
- The headers in the email weren’t altered since it was sent. In other words, that the “from” domain is the original one.
- The sender of the email owns the DKIM domain (or is authorized by the owner of that domain to use it).
How Does DKIM Work?
DKIM uses an encryption algorithm that creates a pair of electronic keys. You have both a public key and a private key.
DKIM encrypts the header with a private key. It signs an email with a digitally-encrypted signature. This signature is a header that’s included in an email message.
Here’s how it works:
- The private key stays on the computer that it was created on.
- It remains secret and stored in the sending email server.
- The receiving mail server decrypts the signature using the public key. If the decrypted signature matches the information in the unencrypted header, the server knows that the signature (the header) hasn’t been tampered with during transmission and receipt.
To truly understand how it works would require a knowledge of modern cryptography. All you need to know is that DKIM provides an authentication that the person who sent you an email is the actual sender.
What’s The Difference Between DKIM & SPF?
When email was first used, there weren’t many ways to authenticate a sender’s identity. Scams, viruses and spam were sent via email using forged sender information. (This still happens today.)
This is because the Domain Name System (DNS) is like a phonebook. It connects the domain with other records to find the real sender.
Today’s email uses a newer adaptation of this same system to verify senders. This is called Sender Policy Framework (SPF).
SPF is a method for receiving mail servers to verify that incoming email from a domain was authorized by that domain’s administrators.
This is where DKIM comes in…
DKIM adds a digital signature to the headers of an email message. It’s then validated against a public cryptographic key that’s located in the organization’s DNS record.
Do We Need Both DKIM & SPF?
If your business sends commercial emails where automated, real-time messages are sent to users, it’s essential that you use both SPF and DKIM. They will protect your reputation and customer relationships. They also ensure that your business-critical emails don’t wind up in your recipients’ junk email folders.
Why Do We Need To Use DMARC Authentication?
DMARC limits different types of email-based hacking such as email spoofing.
A large percentage of email comes through networks of major tech companies. All of these companies contribute to this system for authenticating email and making sure that they’ve come from legitimate sources.
DMARC also limits the amount of unauthenticated or illegitimate email that floods today’s inboxes.
How Does DMARC Work?
Unlike DKIM, DMARC is a monitoring tool. You can see when someone tries to send an email using your domain. And you can see the DKIM record that they tried to authenticate with. The forensic functions for this are built into DMARC.
Unfortunately, email receivers don’t have to comply with DMARC. However, an increasing number do. Sometimes the email receivers will enforce their own DMARC policies.
DMARC prevents spoofing of your domain, which is essential for not only businesses but consumers. And it authenticates your legitimate emails and prioritizes delivery into your recipients’ inbox.
If you use DMARC, just like DKIM, your marketing emails are more likely to be delivered instead of ending up in Junk Mail.
So, this means that using DMARC can make email marketing campaigns far more effective. If marketing emails are delivered, there’s a greater chance that they’ll be received and read.
Do We Need Both DKIM and DMARC?
DKIM must be used. And it works best when it’s paired with DMARC. With both of these in place and set up correctly, the recipient will know that the emails they’re receiving are from who they think they’re from.
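To show why DKIM and SPF results only become meaningful once DMARC ties them to the visible “from” domain, here is an added example (not part of the original article) of the decision a receiving server could make. Its assumptions: the function names are hypothetical, example.com and example.net are placeholder domains, the organizational domain is taken as the last two labels (real receivers use the Public Suffix List), and the pct= and sp= tags are ignored.

```python
# Added example: combining SPF and DKIM results under a published DMARC policy.
# Assumptions: org domain = last two labels; pct= and sp= tags are not handled.

def parse_tags(record):
    """Split a 'tag=value; tag=value' DNS TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    """Simplified organizational domain (assumption: last two labels)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_evaluate(from_domain, spf, dkim_results, dmarc_record):
    """spf: (result, MAIL FROM domain); dkim_results: list of (result, d= domain).
    Returns (dmarc_result, disposition)."""
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return ("none", "deliver")  # no usable policy published
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(from_domain, d, tags.get("adkim", "r"))
                  for res, d in dkim_results)
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    action = {"none": "deliver", "quarantine": "junk", "reject": "reject"}[tags["p"]]
    return ("fail", action)

# Constructed sample policy record for the placeholder domain example.com.
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # Legitimate mail passed through a forwarder: SPF fails, aligned DKIM still passes.
    print(dmarc_evaluate("example.com", ("fail", "example.com"), [("pass", "example.com")], RECORD))
    # Forged "from": SPF and DKIM pass, but only for the sending party's own domain.
    print(dmarc_evaluate("example.com", ("pass", "example.net"), [("pass", "example.net")], RECORD))
    # Same message under p=none: counted as a failure in reports, yet still delivered.
    print(dmarc_evaluate("example.com", ("pass", "example.net"), [("pass", "example.net")], "v=DMARC1; p=none"))
```

The second and third cases are the ones to watch in DMARC reports: a valid DKIM signature proves nothing about your domain unless its signing domain lines up with the “from” address, and a p=none policy only monitors.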
To set DKIM and DMARC up correctly for your Bay Area business requires the expertise of an IT support company. If you need assistance, we’re always here to help.