• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

By Abhishek Ghosh January 10, 2016 10:26 am Updated on January 10, 2016

How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

Advertisement

Mandrill is most commonly used Transactional Email Service. They are easy to add with just few PHP snippets, like we gave snippets or tutorials for using WordPress with Mandrill or XenForo with Mandrill. Commonly, Transactional Email Services Like Mandrill is used With Google Apps. Here is How to Add DMARC, DKIM, SFP to Avoid Email Spoofing. Mandrill infamously mark with Poor Account Reputation. Although, Poor Account Reputation is a deliberate work done by Mandrill, DMARC, DKIM, SFP avoids Email Spoofing and for Free Mandrill like transactional email service with a shared IP, it is quite important.

 

What We Need to Know Before Jumping to Ask How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

 

IP Spoofing was discussed before. There is also DNS Spoofing. Most of these Cloud Transactional Email Services are smaller business has no own datacenter or DNS. It is unlikely that they use Dyn like good DNS provider.
We talked about SFP before.

If you are using Google Mail for Domains (old name of Google Apps) or Zoho Mail with any Cloud Transactional Email Service, you must be careful and add all these records.

Advertisement

---

DKIM means DomainKeys Identified Mail, which is an email authentication method to detect email spoofing through cryptographic authentication. DMARC is Domain-based Message Authetication, Reporting, and Conformance. You’ll receive daily emails by Google Apps and/or Transactional Email Service as tar ball.

 

How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

 

We are setting these records via DNS Service Provider as TXT record.

SPF for Google Mail for Domains (Google Apps) Plus Mandrill

Run this command for our website on Terminal or iTerm2 window :

Vim
1
dig +short thecustomizewindows.com txt

You’ll get this result :

Vim
1
"v=spf1 include:spf.mandrillapp.com include:_spf.google.com ~all"

That v=spf1 is common, include:spf.mandrillapp.com is for Mandrill, include:_spf.google.com is for Google, ~all is a flag. You can blindly use the same like that of us if you are using Google Mail for Domains (Google Apps) Plus Mandrill. SPF follows this RFC :

Vim
1
https://www.rfc-editor.org/rfc/rfc7208.txt

DKIM for Google Mail for Domains (Google Apps) Plus Mandrill

In the same way, run this command :

Vim
1
dig +short mandrill._domainkey.thecustomizewindows.com txt

You’ll get a big response :

Vim
1
"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB\;"

Notice that dig was for mandrill._domainkey.thecustomizewindows.com. Now, run this :

Vim
1
dig +short google._domainkey.thecustomizewindows.com txt

You’ll get a big response :

Vim
1
"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaXevY184DD7FcEwRi/2ahLfCD+ACcFw8r1jx4zf97EmSc7VFWvC8CeqQB5hzR6geQ7fNC1lMxMKSxezHhcVoIZx8gGVvHXY9AjddO+6FmQ3ATDTPJY4gbTiizP5ROs6bsBB17uCvv8u2uLcyjqVe+zK9Yx6Zdhd7N2AbVkk5cvQIDAQAB"

No, the value are not same. There is IQ inside, run :

Vim
1
dig +short google._domainkey.thecustomizewindows.com txt | grep IQ

there will be no return. But, if you run :

Vim
1
dig +short mandrill._domainkey.thecustomizewindows.com txt | grep IQ

there will be IQ highlighted.

Notice that dig was for google._domainkey.thecustomizewindows.com. For Google Apps, at this moment, the URL to directly get that DKIM is :

Vim
1
https://admin.google.com/AdminHome#AppDetails:service=email&flyout=dkim

It is mandatory to combine SFP record from multiple providers like Mandrill, Google Apps when both are used by the domain in the way we have shown. DKIM needs not to combines or rather not possible.

DKIM is spelled on RFC 4871 :

Vim
1
https://www.ietf.org/rfc/rfc4871.txt

DMARC for Google Mail for Domains (Google Apps) Plus Mandrill

DMARC is most difficult. No Mail Service Provider will auto generate DMARC for you, unlike SPF and DKIM. Above two were copy && paste work. Run :

Vim
1
dig +short _dmarc.thecustomizewindows.com txt

You’ll get this response :

Vim
1
"v=DMARC1\; p=none\; pct=100\; rua=mailto:webmaster@thecustomizewindows.com\; ruf=mailto:admin@thecustomizewindows.com\;"

What those words mean in v=DMARC1\; p=none\; pct=100\; rua=mailto:webmaster@thecustomizewindows.com\; ruf=mailto:admin@thecustomizewindows.com\; is nicely written in RFC elaborately. Basically like for hyperlinks, bots understand rel="nofollow" and rel="no_follow" both, pct=100 automatically may get adjusted by function to 90%.

Here is a genuine DMARC report of our this website sent by Google – https://gist.github.com/AbhishekGhosh/10e3122bff346af62ae4

You’ll get human usable tools here – https://dmarc.org/resources/deployment-tools/ to generate that type of record. Keep in mind – we are using Google Apps. Google has that service to receive, analyze and send the record to us as zip file. Everyday we get one email with the zip file from noreply-dmarc-support@google.com to webmaster@thecustomizewindows.com. Mandrill possibly do not have that DMARC service.

 

Emails Should Be Signed in Addition

 

Everyone knows that Emails should be signed by GNU PG key. It is not very difficult to implement for WordPress and OS X GPG tool discussed before, so as Facebook GNU PG. Otherwise a malware on your server can sent valid emails, none will understand who is replying using admin@thecustomizewindows.com. Support can reply or I can reply.

I sent an email from admin@thecustomizewindows.com to my email me@abhishekghosh.pro and in Apple Mail, got this from View > Message > Raw Source. SPF, DKIM and GPG are present. I altered the RSA key to smaller and modified that X-ZohoMail-Sender: x.x.x.x :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
Delivered-To: me@abhishekghosh.pro
Received-SPF: Pass (zoho.com: domain of admin@thecustomizewindows.com designates 209.85.220.52 as permitted sender )  client-ip: 209.85.220.52
Received: from mail-pa0-f52.google.com (mail-pa0-f52.google.com [209.85.220.52]) by mx.zohomail.com
with SMTPS id 1452417035861743.8316555668265; Sun, 10 Jan 2016 01:10:35 -0800 (PST)
Received: by mail-pa0-f52.google.com with SMTP id yy13so213359486pab.3
        for <me@abhishekghosh.pro>; Sun, 10 Jan 2016 01:10:35 -0800 (PST)
Return-Path: <admin@thecustomizewindows.com>
Return-Path: <admin@thecustomizewindows.com>
Received: from [100.84.253.192] ([115.250.186.46])
        by smtp.gmail.com with ESMTPSA id ya4sm12239430pab.22.2016.01.10.01.10.31
        for <me@abhishekghosh.pro>
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Sun, 10 Jan 2016 01:10:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=thecustomizewindows.com; s=google;
        h=from:content-type:subject:date:message-id:to:mime-version;
        bh=U7191yZOCeAQsrgsJe3xrlvz/QZQs9i8rlHxhopPVYI=;
        b=USVvnpBZEwDmgrAn/w06DJspE2wSfYlXQfSz6tMKxEAAXIewsH0F0yGXJgpJMoGaPk
         o9ygdOCUdZkxD0os14MJ2nRPS6VDhJchA2fH3l94986ioFKhJJU1GugwsWwdTPV1GEiP
         DjfR+G8M3M3cvDaPQV6yO5mfjnesWHZM/VHa0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:content-type:subject:date:message-id:to
         :mime-version;
        bh=U7191yZOCeAQsrgsJe3xrlvz/QZQs9i8rlHxhopPVYI=;
        b=Yo+79chtCUhGuiXLIYBBjAmMUdc7c0VGyWE5QfIJ1/Cue2qa5I82gAV2Ncaw9Elt5B
         ueiVNtLtnF7OISB9jjfFGek7BBedchoQDquZ8dhQ2deax9ZNdKzQrvYpPpkhV0RfurOw
         SFAc/0vZhuSWQYpCbxq4Sot8XymzAhEAaxRrwew15ENO9RiCNMqbyCaR42ha6S8wyPMA
         hA66wrYxcoC4ChtTKLpXE11JdRrUCINsCEnDy4CRz7XzaU4dHmiHqx5V7N3OaJe3DzCF
         oefl9sRXik35Gsu6YOok3+d+jJq14hI2/tj9K8hLiLls0UJ8zNXl7YVW71FsWVU4Cq2n
         Y9jA==
X-Gm-Message-State: ALoCoQkgl33jEMCTlZNniYh0RCjMhNhRHCL5b5NrSuSkb3zfrUBsLs45aNd6H/r2Xq2jeOuLE2Vt8EeYxeCKexiveK1Dbgq1xA==
X-Received: by 10.67.2.73 with SMTP id bm9mr172854181pad.94.1452417033461;
        Sun, 10 Jan 2016 01:10:33 -0800 (PST)
From: The Customize Windows <admin@thecustomizewindows.com>
X-Pgp-Agent: GPGMail 2.5.2
Content-Type: multipart/signed; boundary="Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300"; protocol="application/pgp-signature"; micalg=pgp-sha512
Subject: Testing DMARC and GNU PG
Date: Sun, 10 Jan 2016 14:40:27 +0530
Message-Id: <09683138-D098-4E9C-AE57-6D12635007A6@thecustomizewindows.com>
To: "Dr. Abhishek Ghosh" <me@abhishekghosh.pro>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
X-Mailer: Apple Mail (2.2098)
X-Zoho-Virus-Status: 1
X-ZohoMail: SS_5 SFPD SFPP UW2468 UB6248 PIW  SF_SOIPH1_3 COSF  A9 NDL   SGR3_1_0_21125_80
X-ZohoMail-Owner: <09683138-D098-4E9C-AE57-6D12635007A6@thecustomizewindows.com>+zmo_1_<admin@thecustomizewindows.com>
X-ZohoMail-Sender: x.x.x.x
 
 
--Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
 
Hi,
 
We are testing DMARC and GNU PG for encryption.
 
Thanks.
 
--Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
 
iQIcBAEBCgAGBQJWkiAEAAoJEChxaZWUDR0hW6MQAJEk/
...
 
pZWiGrzNpNgkAgprnJ8u=YI4c
-----END PGP SIGNATURE-----
 
--Apple-Mail=ABCD-43F46E456--

How-to-Add-DMARC,-DKIM,-SFP-to-Avoid-Email-Spoofing Tagged With how do i add a dmarc record , how do i add a dmarc txt record , how to add a dmarc text record , how to add DMARC to email , how to add remailer for dmarc and dkim , iredmail add dmarc , iredmail dmark , x-zoho-virus-status: 1

This Article Has Been Shared 859 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

  • SELinux and Security in the Context of Cloud Servers

    SELinux Was Developed By United States National Security Agency (NSA). SELinux and Security in the Context of Cloud Servers Can Be Questionable.

  • Security Concerns of Server Virtualization and Solutions

    Recent discovery of VENOM and related critical bugs in the Xen, KVM, and native QEMU virtual machine platforms again brought the topic Security Concerns of Server Virtualization in to lime light. VENOM was unknown, from Heartbleed, what we have learned is quite clear – frankly there is nothing to do with the unknown, undiscovered bugs […]

  • Requirements for Cloud Contract

    Cloud service should have a higher level of security and reliability offer than before. Here are some basic requirements for Cloud Contract. We have published articles on Steps for Cloud Security, Checklist for Secure Cloud Computing, as well as some focus on Business related terminologies – demystifying Non Disclosure Agreement (NDA), Service Level Agreement (SLA) […]

  • Google Jokes, But Not With NSA

    Google, Facebook, Microsoft – All Started from Garage by Teenagers. Google Jokes, But Not With NSA. People Think About Google, But For Privacy.

  • WordPress Cloud Hosting : Example of Basic Scalable Architecture

    WordPress Cloud Hosting Demands Special Attention to the Plan of the Architecture. Universal Optimized WordPress Cloud Hosting is a Pure Fuss.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • What is Voice User Interface (VUI) January 31, 2023
  • Proxy Server: Design Pattern in Programming January 30, 2023
  • Cyberpunk Aesthetics: What’s in it Special January 27, 2023
  • How to Do Electrical Layout Plan for Adding Smart Switches January 26, 2023
  • What is a Data Mesh? January 25, 2023

About This Article

Cite this article as: Abhishek Ghosh, "How to Add DMARC, DKIM, SFP to Avoid Email Spoofing," in The Customize Windows, January 10, 2016, February 1, 2023, https://thecustomizewindows.com/2016/01/how-to-add-dmarc-dkim-sfp-to-avoid-email-spoofing/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT