DMARC: From Theory to Cloud Service – Part 1

The new year starts with some fresh ideas to strengthen IT security and raise awareness of digital communication. Over the last few weeks, I focused on email security in general – theory such as DMARC, SPF and DKIM – but also implementation details in PHP. I also created a video on YouTube, my first ever. Please check it out if you are interested, and do not forget to like or follow.

Email Security with DMARC

For the first posts of the new year, I want to address email security, and DMARC in particular, in a blog series. I do not know how many parts the series will have, but I want to start with theory and end with an announcement. The posts will also appear in video form on my social media accounts – mainly on YouTube, but also on TikTok and Instagram. So if you have not done so yet, start following me on these platforms, and do not forget to subscribe to my newsletter to stay up to date.

DMARC, SPF, DKIM – A Theory Deep Dive

DMARC, SPF and DKIM are protocols that form the backbone of modern email authentication. They are primarily designed to let domain owners protect their domains from abuse and to ensure the integrity of email communication.
SPF specifies which mail servers are allowed to send emails for a domain, while DKIM ensures that the content of an email remains unaltered and verifies the sender’s identity. DMARC builds on both, addressing gaps by allowing domain owners to define policies for handling authentication failures and providing reports for monitoring and improvement. Together, these protocols create a robust defense against phishing, spoofing, and other email-based threats.

Sender Policy Framework (SPF)


SPF is an email authentication protocol designed to prevent unauthorized servers from sending emails on behalf of your domain. Essentially, it allows domain owners to publish a list of authorized sending servers in their DNS records.

When an email is sent, the receiving server compares the IP address of the sender to the list defined in the domain’s SPF record. If the IP matches, the email passes the SPF check; otherwise, it fails.

SPF helps to prevent email spoofing, where attackers send emails that appear to come from a trusted domain. However, SPF alone does not validate the content or sender identity, which is why it is used in combination with other protocols.

DomainKeys Identified Mail (DKIM)

DKIM provides a way to ensure that the content of an email has not been altered during transmission and verifies that the sender is authorized to send emails on behalf of the domain.

A cryptographic signature is added to the header of each outgoing email. This signature is created using a private key, while the corresponding public key is published in the domain’s DNS records. The recipient server retrieves the public key to validate the signature. If the validation succeeds, the email is considered authentic.

DKIM adds an additional layer of trust to email communications by guaranteeing message integrity. It ensures that the message content and sender information are intact and unaltered.
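The integrity part of that check can be shown without any keys. The following added example (not code from this post) recomputes the body hash that a DKIM-Signature header carries in its `bh=` tag, using the "simple" body canonicalization from RFC 6376. The function names, the sample message and the header are constructed, and verifying the `b=` signature against the public key from DNS, which a real verifier must also do, is left out.

```python
import base64
import hashlib


def canonicalize_body_simple(body: bytes) -> bytes:
    """RFC 6376 'simple' body canonicalization: drop trailing empty lines,
    then end the body with exactly one CRLF."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"


def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    digest = hashlib.sha256(canonicalize_body_simple(body)).digest()
    return base64.b64encode(digest).decode()


def parse_tags(header_value: str) -> dict:
    """Split the 'tag=value; tag=value' list of a DKIM-Signature header."""
    pairs = (part.split("=", 1) for part in header_value.split(";") if "=" in part)
    return {k.strip(): "".join(v.split()) for k, v in pairs}


def body_hash_matches(dkim_signature: str, body: bytes) -> bool:
    """True if the received body still hashes to the bh= value in the header."""
    tags = parse_tags(dkim_signature)
    canon = tags.get("c", "simple/simple")
    body_canon = canon.split("/")[1] if "/" in canon else "simple"
    if tags.get("a") != "rsa-sha256" or body_canon != "simple":
        raise ValueError("example covers a=rsa-sha256 with simple body canonicalization only")
    return tags.get("bh") == body_hash(body)


# Constructed sample: the sender's body and the header a signer would emit for it.
ORIGINAL_BODY = b"Invoice 4711 is due on Friday.\r\n\r\n"
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=selector1; "
    "h=from:to:subject; bh=" + body_hash(ORIGINAL_BODY) + "; b=SIGNATURE_OMITTED"
)
```

Trailing blank lines added in transit do not change the hash, while a single changed word in the body does.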

The Next Evolutionary Step: DMARC

DMARC builds on SPF and DKIM by giving domain owners the ability to enforce email authentication policies and receive feedback on their domain’s email activity.

Domain owners create a DMARC record in their DNS, specifying a policy (none, quarantine, or reject) for how emails failing SPF and/or DKIM should be handled. DMARC also enables reporting, allowing domain owners to see how their emails are being handled and identify potential abuse.

DMARC prevents unauthorized use of your domain, such as phishing or spoofing attacks, by allowing you to define strict email authentication rules. It also gives visibility into how your domain is being used, helping you identify and address vulnerabilities.

Putting Things Together

SPF, DKIM, and DMARC form a cohesive system for email authentication, each addressing a specific aspect of email security. SPF ensures that only authorized servers can send emails on behalf of your domain, while DKIM verifies the integrity and authenticity of the email content. In theory, DMARC acts as the glue, combining the results of SPF and DKIM, enforcing policies for how authentication failures are handled, and providing detailed reports for monitoring and improving your email security.

Relationship of DMARC, SPF, DKIM

When implemented together, these protocols significantly reduce the risk of phishing, spoofing, and other unauthorized uses of your domain. They also improve the credibility of your communications, increasing the likelihood that your emails reach their intended recipients without being marked as spam. By adopting this layered approach, domain owners not only protect their reputation but also ensure the security and trustworthiness of their email communication.

Stay Tuned for More

This was a brief recap of the theory of DMARC. In the next part of this series, I will dive deeper into how to implement these protocols, including practical tips and common pitfalls to avoid. Make sure you follow me on social media and subscribe to my newsletter to catch the next post.

If you have questions or topics you’d like me to cover, leave a comment or reach out to me directly. Let’s make email security accessible for everyone!