Message Authentication

Many spam messages are 'spoofed', meaning that the sender's address shown on the message is not the address of whoever actually sent it. For example, you may have received 'phishing' emails that appear to come from support@paypal.com and are designed to entice you to enter your PayPal login credentials at a fake web site made to look like PayPal's. These messages were spoofed: the sender's address appears to be support@paypal.com, even though PayPal did not send them.

Because the SMTP protocol dates back to the early 1980s, when the internet was in its early stages and had relatively few users, its engineers did not foresee the problem of spoofing. As a result, spammers and scammers can easily send messages that appear to come from any sender they choose.

To counter spoofing, message authentication methods have emerged. These methods are used to determine whether the sender's address appearing on a message is likely to be legitimate or spoofed. Knowing whether a message was likely sent by the sender it purports to come from lets spam filters judge more accurately whether it is spam. Two widely used standards for message authentication are Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

SPF
SPF is a way of publishing the IP addresses of the mail servers that are authorized to send outbound mail for a domain. This enables spam filters to determine whether a message was likely spoofed: if the message was sent from a mail server whose IP address is not listed in the SPF record for the domain of the purported sender, then the message is likely to have been spoofed. SPF records are published as TXT records in the DNS for a domain. See https://en.wikipedia.org/wiki/Sender_Policy_Framework for more information.
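
The check a receiving spam filter makes against an SPF record can be sketched as follows. This is an added example, not UltraSMTP's code: it evaluates only the ip4, ip6, include and all mechanisms, and the domains, addresses and the lookup function (a stand-in for a DNS TXT query) are constructed for illustration.

```python
import ipaddress

# Qualifier prefix -> result (RFC 7208); a mechanism with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample records using documentation address ranges.
RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:relay.example -all",
    "relay.example": "v=spf1 ip4:198.51.100.7 ip6:2001:db8::/32 ~all",
}

def check_spf(record, sender_ip, lookup=RECORDS.get, depth=0):
    """Return the SPF result for sender_ip under one SPF record.

    Handles ip4, ip6, include and all. `lookup` is a hypothetical stand-in
    for a DNS TXT query: it maps a domain to its SPF record text or None.
    """
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                        # no SPF policy published
    if depth > 10:
        return "permerror"                   # guard against include loops
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"           # malformed network in the record
        elif name == "include":
            inner = check_spf(lookup(arg), sender_ip, lookup, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"           # included domain has no usable record
            matched = inner == "pass"        # only a pass from the include counts
        elif name == "all":
            matched = True
        elif "=" in name:
            continue                         # modifiers (redirect=, exp=) not handled here
        else:
            raise NotImplementedError(f"{name!r} needs DNS and is out of scope")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                         # nothing matched and no "all" term
```

A server listed directly or through the include yields "pass"; any other address falls through to the "-all" term and yields "fail", which is the signal a spam filter treats as likely spoofing.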

DKIM
DKIM is another method for authenticating messages. It's an outgrowth of an earlier standard, known as DomainKeys, and is based on public key cryptography and digital signatures. With DKIM, the message is digitally signed by an entity, which can be either the sender or a third party. The signer's public key, which is used for verifying the signature, is published in the DNS for their domain. When a message is signed, the DKIM signature is placed in the header of the message. Upon receipt of the message, the signature is verified using the signer's public key. A valid signature indicates that the signer has vouched for the authenticity of the message. UltraSMTP can DKIM-sign your messages on your behalf using our keys, or messages can be signed by UltraSMTP using your keys. For more information on DKIM, see https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail.


Related:
Setting Up SPF and DKIM With UltraSMTP

© Meixler Technologies, Inc. All Rights Reserved.