@epomatti
Last active December 19, 2022 18:58
Email Verification Protocols

  • MX (Mail Exchange): Determines where email for your domain should be routed on the internet. It is the equivalent of an A record, where you set the server IP, except that in the MX case the value is the mail server FQDN or IP.

    • Multiple entries can be added for additional availability.
    • Priority is added to the DNS entries as well.
    • Example: @ MX mailhost1.example.com
  • SPF (Sender Policy Framework) - Receiving server queries DNS and confirms sender's origin.

    • Verifies the origin of the sender (mechanisms: ip4, ip6, include, mx. Syntax: http://www.open-spf.org/SPF_Record_Syntax).
    • DNS entries that tell servers receiving emails which sending servers are allowed to send emails on behalf of a domain.
    • Servers that receive emails query the DNS to confirm it came from an authorized sending server or IP address.
    • Fail: Reject / Mark as spam
    • Accepted: Email goes to inbox.
    • Example DNS TXT record: v=spf1 ip4:192.168.100.11 -all
  • DKIM (DomainKeys Identified Mail): Sender signs the message and the receiver confirms the signature by querying DNS.

    • Sender signs all outbound messages from a domain with a private key, and the public key is published to the DNS. Receiving servers fetch the public key and use it to check that the signature on the message is valid.
    • Security options:
      • Manual
      • Automated
    • Example CNAME:
      em.emaildomain.com             uxxxxxx.wl.sendgrid.net               CNAME
      s1._domainkey.emaildomain.com  s1.domainkey.uxxxxxx.wl.sendgrid.net  CNAME
      s2._domainkey.emaildomain.com  s2.domainkey.uxxxxxx.wl.sendgrid.net  CNAME
      
  • DMARC - Combines SPF and DKIM, with the addition of a DMARC entry.

    • DMARC adds reporting capability to the protocol.
    • Email receiver flow:
      1. Checks SPF
      2. Checks DKIM
      3. Checks DMARC record
    • Option to tell email receivers to report back to you about how your domain is being used.
    • Example record: v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com
    • Syntax: https://dmarc.org/overview/
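
The receiver flow above, as an added example that is not part of the original notes: it evaluates the SPF and DMARC example records from this page against a sender IP and a From domain. Assumptions: no DNS lookups are made, only the ip4/ip6/all SPF mechanisms are handled, DMARC alignment is an exact domain match, and the function names are illustrative.

```python
import ipaddress

# Records copied from the examples in these notes.
SPF_RECORD = "v=spf1 ip4:192.168.100.11 -all"
DMARC_RECORD = "v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@dmarcdomain.com"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Return the SPF result for sender_ip. Only ip4/ip6/all are evaluated;
    include, mx and other DNS-backed mechanisms are skipped (simplification)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        if name.lower() in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qual]
        elif name.lower() == "all":
            return QUALIFIERS[qual]  # catch-all: nothing earlier matched
    return "neutral"

def parse_tags(record):
    """Split a DMARC record ('tag=value;tag=value') into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) tuples.
    DMARC passes when either check passes AND its domain matches the From
    domain. Exact match is used here (strict alignment); pct is ignored."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return "none"
    aligned = lambda check: check[0] == "pass" and check[1].lower() == from_domain.lower()
    if aligned(spf) or aligned(dkim):
        return "pass"
    return tags.get("p", "none")  # policy the domain owner asked receivers to apply

if __name__ == "__main__":
    # Constructed message: sent from an unlisted IP, no valid DKIM signature.
    spf = (spf_check(SPF_RECORD, "192.168.100.12"), "dmarcdomain.com")
    print(spf[0], dmarc_disposition(DMARC_RECORD, "dmarcdomain.com", spf, ("none", "")))
```

The second DMARC case worth noting is an SPF pass for a domain other than the From domain: the check passes on its own but does not satisfy DMARC, so the published policy still applies.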
