What is DKIM and SPF
Posted by kshazad86, 02-10-2015, 10:28 AM |
Can someone help me and explain exactly what DKIM and SPF are, and if there are any security/stability issues with enabling these options for all users on a shared cPanel server?
|
Posted by Srv24x7, 02-10-2015, 10:44 AM |
Hi,
DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. In other words, DKIM attaches a new domain name identifier to a message and uses cryptographic techniques to validate authorization for its presence.
Sender Policy Framework (SPF) is a simple email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is being sent from a host authorized by that domain's administrators.
Both of these mechanisms are useful for mail recognition and they are good in terms of mail security.
Make sure all the domains on your shared server have SPF and DKIM records in the DNS.
|
Posted by kshazad86, 02-10-2015, 10:46 AM |
Thanks,
Is it likely though, if I enable both these options, that some users will not be able to email accounts on the server, since SPF will block out those senders that don't have SPF records for their domains?
|
Posted by david_was_here, 02-10-2015, 11:01 AM |
It depends on how you have the mail server configured. For example, if the server is set to soft fail then the illegitimate email would go to the spam/junk folder. If set to hard fail, it would either reject the email from the server altogether or just throw it away without notification.
It is usually best to set these to soft-fail as not everyone in the world is going to have a ready-to-use SPF record.
It works by:
* Email server receives email from 1.2.3.4 from the domain mydomain.com.
* Email server runs a dig to see if mydomain.com has an SPF record.
* mydomain.com has an SPF record set that does not list the IP address 1.2.3.4 in the SPF record.
* Email server either A) soft fails or B) hard fails.
|
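The check described in the post above, as an added example that is not part of the original thread: a small Python evaluator that compares the connecting IP against a domain's SPF record and maps the result to a receiver action. It handles only the `ip4`, `ip6` and `all` mechanisms, the TXT records are constructed stand-ins for a DNS lookup, and `receiver_action` is a hypothetical local policy; note that a sender with no SPF record yields `none`, not a failure.

```python
import ipaddress

# Constructed sample TXT records (stand-ins for a DNS lookup); mydomain.com and
# 1.2.3.4 come from the post, the record contents are made up for illustration.
SAMPLE_TXT = {
    "mydomain.com": ["v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 ~all"],
    "strict.example": ["v=spf1 ip4:203.0.113.10 -all"],
    "norecord.example": ["some-other-txt-value"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip, txt=SAMPLE_TXT):
    """Evaluate ip4/ip6/all mechanisms only; return an SPF result string."""
    records = [r for r in txt.get(domain, []) if r.split(" ")[0].lower() == "v=spf1"]
    if not records:
        return "none"          # sender publishes no SPF policy
    if len(records) > 1:
        return "permerror"     # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"        # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise NotImplementedError(f"mechanism needs DNS, not handled here: {term}")
    return "neutral"           # no mechanism matched and no "all" term


def receiver_action(result):
    """Hypothetical local policy matching the post: softfail -> junk, fail -> reject."""
    return {"fail": "reject", "softfail": "junk"}.get(result, "deliver")
```
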
Posted by kshazad86, 02-10-2015, 11:07 AM |
How can I make sure soft-fail is being used in cPanel for all users?
|
Posted by SPaReK, 02-10-2015, 12:18 PM |
And this is really why SPF is failing as a technology benefit.
Not saying I disagree with you. But not enough people know how to properly set their SPF record and what a properly set SPF record means. Which means receiving servers can't handle SPF lookups in a way that really benefits users.
Receiving servers receive a message that does not match the domain's SPF record and that receiving server has to handle it as "Meh... this doesn't match the SPF record, but that may be because of user error, we better deliver this message just to be sure, maybe weigh it a little bit more for spam."
I don't think softfail really benefits SPF. Users need to know exactly what mail servers are going to legitimately be sending out mail from their domain name and set their SPF record accordingly. If they don't know what mail servers are legitimately sending out mail from their domain name, then they need to find out. Then they need to understand that mail from their domain name can only be sent out from one of those servers.
If everybody did this and everybody understood this, then on an SPF lookup on the receiving side that doesn't match, that receiving side could treat the message as spam and outright reject it.
|
Posted by david_was_here, 02-10-2015, 01:40 PM |
I agree completely.
|