Showing posts from February, 2023

SPF, DKIM, and DMARC Explained

  I found myself reading RFC 733 today as I had no idea how long BCC emails had been around. Turns out, it's a long time (November 21, 1977). In fact, that is when the "Standard for the Format of ARPA Network Text Messages" was ratified so a whole lot of other things were included in that RFC that are still used in email today, not just BCC emails. Some things that weren't proposed in 1977 for obvious reasons are SPF , DKIM , and DMARC . We'll be talking about those today! (If you're curious like I was what those RFCs are anyway, I linked them so you can check those out too).  SPF - Sender Policy Framework SPF is an authentication mechanism that allows an email server to verify that an email it receives was sent from an authorized server. SPF does this by checking the domain contained in the email header (specifically the envelope sender/MAILFROM), queries for an SPF TXT record that should be contained in that domain's DNS records, and depending on what t