For a few years I have been unhurriedly discovering features that protect email from spoofing. Here I briefly collect information about all current standards and their functionality, along with an example with one main domain and two subdomains. This is not a complete guide; please read the RFCs and the dedicated guides for each standard.
Standards
| Acronym | Definition | Official website | RFC | IETF Status | Short description |
|---|---|---|---|---|---|
| SPF | Sender Policy Framework | | | Standards Track RFC | Defines which servers may send email from a domain and what to do with «bad» emails. Works with the «RFC5321.MailFrom» and «HELO» identities. |
| DKIM | Domain Keys Identified Message | | | Standards Track RFC | Signs an email with a private key to identify the sender. |
| DMARC | Domain-based Message Authentication, Reporting, and Conformance | | | Informational RFC, Working Group | A policy that unites SPF and DKIM to define what receivers should do with «bad» emails. |
| SIDF | Sender ID Framework | | | Experimental (2006) | Analogous to SPF, but works with «RFC5321.MailFrom» and «RFC5322.From». |
| ADSP | Author Domain Signing Practices | - | | Historic (2014) | Extension to DKIM that allows a domain owner to specify whether or not they sign all outgoing mail. |
| DK | DomainKeys | | | Historic | Analogous to DKIM. This standard was superseded by DKIM (RFC4871). |
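
How DMARC ties the SPF and DKIM results to the visible «RFC5322.From» domain, as an added example (not code from this article or from any mail server). Assumptions: the organizational domain is taken as the last two labels instead of a Public Suffix List lookup, and all domains and the DMARC record are constructed.

```python
# Added example: simplified DMARC evaluation for one main domain and its subdomains.

def parse_tags(record):
    """Parse a 'tag=value; tag=value' DMARC TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    """ASSUMPTION: last two labels. Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares organizational domains."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_disposition(record, from_domain, spf_result, mailfrom_domain, dkim_results):
    """record: DMARC record published at the organizational domain.
    dkim_results: list of (result, d= domain) pairs.
    Returns 'pass' or the policy the receiver is asked to apply."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    # An SPF or DKIM pass counts only when its domain aligns with the From domain.
    spf_ok = spf_result == "pass" and aligned(
        mailfrom_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
                  for result, d in dkim_results)
    if spf_ok or dkim_ok:
        return "pass"
    # Subdomains use 'sp' when present, otherwise they inherit 'p'.
    is_subdomain = from_domain.lower() != org_domain(from_domain)
    if is_subdomain and "sp" in tags:
        return tags["sp"]
    return tags.get("p", "none")

# Constructed record for the main domain example.com
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r"

if __name__ == "__main__":
    print(dmarc_disposition(RECORD, "example.com", "pass", "bounce.example.com", []))
    print(dmarc_disposition(RECORD, "news.example.com", "fail", "x.example.net",
                            [("pass", "example.com")]))
    print(dmarc_disposition(RECORD, "example.com", "pass", "mail.example.net", []))
```

The third call shows why SPF alone is not enough: SPF passes for the envelope domain, but that domain does not align with the From domain, so the `p=reject` policy applies.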