SPF, DKIM and DMARC

SPF (Sender Policy Framework)

SPF tries to authenticate email, by verifying the email envelope sender address, against the IP addresses published by that domain.

The IP address are published in DNS, typically in a TXT record type.

Since Mail-List.com is sending the email from it's servers, the only SPF records that matter are those published by the Mail-List.com domain name.

DKIM (DomainKeys Identified Mail)

DKIM tries to verify that the sender email address was not forged, nor the contents of the message altered.

The public key is published in DNS, in a TXT record type.  The private key is used to sign the email, and must match up to the public key.

Since Mail-List.com does alter the message, by adding footers to the email, Mail-List.com signs the email with it's signature.

Therefore, the only DKIM record that matters, is the Mail-List.com DKIM public key.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC extends SPF and DMARC, and ISP's may choose to Reject or Quarantine incoming emails, if the email fails DMARC checks.

If the mailing list is using Mail-List.com as the domain name, the only DMARC records that matter are published by Mail-List.com

Mailing Lists Using Their Own Domain Names

SPF, DKIM and DMARC Resources

Laura and Steve Atkins - Word to the Wise

https://wordtothewise.com/2016/12/dkim-canonicalization-or-why-microsoft-breaks-your-mail/

https://wordtothewise.com/2017/09/a-dmarc-warning/

https://wordtothewise.com/2018/07/minimal-dmarc/

 

0 Comments

Add your comment

E-Mail me when someone replies to this comment