• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

By Abhishek Ghosh January 10, 2016 10:26 am Updated on January 10, 2016

How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

Advertisement

Mandrill is most commonly used Transactional Email Service. They are easy to add with just few PHP snippets, like we gave snippets or tutorials for using WordPress with Mandrill or XenForo with Mandrill. Commonly, Transactional Email Services Like Mandrill is used With Google Apps. Here is How to Add DMARC, DKIM, SFP to Avoid Email Spoofing. Mandrill infamously mark with Poor Account Reputation. Although, Poor Account Reputation is a deliberate work done by Mandrill, DMARC, DKIM, SFP avoids Email Spoofing and for Free Mandrill like transactional email service with a shared IP, it is quite important.

 

What We Need to Know Before Jumping to Ask How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

 

IP Spoofing was discussed before. There is also DNS Spoofing. Most of these Cloud Transactional Email Services are smaller business has no own datacenter or DNS. It is unlikely that they use Dyn like good DNS provider.
We talked about SFP before.

If you are using Google Mail for Domains (old name of Google Apps) or Zoho Mail with any Cloud Transactional Email Service, you must be careful and add all these records.

Advertisement

---

DKIM means DomainKeys Identified Mail, which is an email authentication method to detect email spoofing through cryptographic authentication. DMARC is Domain-based Message Authetication, Reporting, and Conformance. You’ll receive daily emails by Google Apps and/or Transactional Email Service as tar ball.

 

How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

 

We are setting these records via DNS Service Provider as TXT record.

SPF for Google Mail for Domains (Google Apps) Plus Mandrill

Run this command for our website on Terminal or iTerm2 window :

Vim
1
dig +short thecustomizewindows.com txt

You’ll get this result :

Vim
1
"v=spf1 include:spf.mandrillapp.com include:_spf.google.com ~all"

That v=spf1 is common, include:spf.mandrillapp.com is for Mandrill, include:_spf.google.com is for Google, ~all is a flag. You can blindly use the same like that of us if you are using Google Mail for Domains (Google Apps) Plus Mandrill. SPF follows this RFC :

Vim
1
https://www.rfc-editor.org/rfc/rfc7208.txt

DKIM for Google Mail for Domains (Google Apps) Plus Mandrill

In the same way, run this command :

Vim
1
dig +short mandrill._domainkey.thecustomizewindows.com txt

You’ll get a big response :

Vim
1
"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB\;"

Notice that dig was for mandrill._domainkey.thecustomizewindows.com. Now, run this :

Vim
1
dig +short google._domainkey.thecustomizewindows.com txt

You’ll get a big response :

Vim
1
"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaXevY184DD7FcEwRi/2ahLfCD+ACcFw8r1jx4zf97EmSc7VFWvC8CeqQB5hzR6geQ7fNC1lMxMKSxezHhcVoIZx8gGVvHXY9AjddO+6FmQ3ATDTPJY4gbTiizP5ROs6bsBB17uCvv8u2uLcyjqVe+zK9Yx6Zdhd7N2AbVkk5cvQIDAQAB"

No, the value are not same. There is IQ inside, run :

Vim
1
dig +short google._domainkey.thecustomizewindows.com txt | grep IQ

there will be no return. But, if you run :

Vim
1
dig +short mandrill._domainkey.thecustomizewindows.com txt | grep IQ

there will be IQ highlighted.

Notice that dig was for google._domainkey.thecustomizewindows.com. For Google Apps, at this moment, the URL to directly get that DKIM is :

Vim
1
https://admin.google.com/AdminHome#AppDetails:service=email&flyout=dkim

It is mandatory to combine SFP record from multiple providers like Mandrill, Google Apps when both are used by the domain in the way we have shown. DKIM needs not to combines or rather not possible.

DKIM is spelled on RFC 4871 :

Vim
1
https://www.ietf.org/rfc/rfc4871.txt

DMARC for Google Mail for Domains (Google Apps) Plus Mandrill

DMARC is most difficult. No Mail Service Provider will auto generate DMARC for you, unlike SPF and DKIM. Above two were copy && paste work. Run :

Vim
1
dig +short _dmarc.thecustomizewindows.com txt

You’ll get this response :

Vim
1
"v=DMARC1\; p=none\; pct=100\; rua=mailto:webmaster@thecustomizewindows.com\; ruf=mailto:admin@thecustomizewindows.com\;"

What those words mean in v=DMARC1\; p=none\; pct=100\; rua=mailto:webmaster@thecustomizewindows.com\; ruf=mailto:admin@thecustomizewindows.com\; is nicely written in RFC elaborately. Basically like for hyperlinks, bots understand rel="nofollow" and rel="no_follow" both, pct=100 automatically may get adjusted by function to 90%.

Here is a genuine DMARC report of our this website sent by Google – https://gist.github.com/AbhishekGhosh/10e3122bff346af62ae4

You’ll get human usable tools here – https://dmarc.org/resources/deployment-tools/ to generate that type of record. Keep in mind – we are using Google Apps. Google has that service to receive, analyze and send the record to us as zip file. Everyday we get one email with the zip file from noreply-dmarc-support@google.com to webmaster@thecustomizewindows.com. Mandrill possibly do not have that DMARC service.

 

Emails Should Be Signed in Addition

 

Everyone knows that Emails should be signed by GNU PG key. It is not very difficult to implement for WordPress and OS X GPG tool discussed before, so as Facebook GNU PG. Otherwise a malware on your server can sent valid emails, none will understand who is replying using admin@thecustomizewindows.com. Support can reply or I can reply.

I sent an email from admin@thecustomizewindows.com to my email me@abhishekghosh.pro and in Apple Mail, got this from View > Message > Raw Source. SPF, DKIM and GPG are present. I altered the RSA key to smaller and modified that X-ZohoMail-Sender: x.x.x.x :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
Delivered-To: me@abhishekghosh.pro
Received-SPF: Pass (zoho.com: domain of admin@thecustomizewindows.com designates 209.85.220.52 as permitted sender )  client-ip: 209.85.220.52
Received: from mail-pa0-f52.google.com (mail-pa0-f52.google.com [209.85.220.52]) by mx.zohomail.com
with SMTPS id 1452417035861743.8316555668265; Sun, 10 Jan 2016 01:10:35 -0800 (PST)
Received: by mail-pa0-f52.google.com with SMTP id yy13so213359486pab.3
        for <me@abhishekghosh.pro>; Sun, 10 Jan 2016 01:10:35 -0800 (PST)
Return-Path: <admin@thecustomizewindows.com>
Return-Path: <admin@thecustomizewindows.com>
Received: from [100.84.253.192] ([115.250.186.46])
        by smtp.gmail.com with ESMTPSA id ya4sm12239430pab.22.2016.01.10.01.10.31
        for <me@abhishekghosh.pro>
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Sun, 10 Jan 2016 01:10:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=thecustomizewindows.com; s=google;
        h=from:content-type:subject:date:message-id:to:mime-version;
        bh=U7191yZOCeAQsrgsJe3xrlvz/QZQs9i8rlHxhopPVYI=;
        b=USVvnpBZEwDmgrAn/w06DJspE2wSfYlXQfSz6tMKxEAAXIewsH0F0yGXJgpJMoGaPk
         o9ygdOCUdZkxD0os14MJ2nRPS6VDhJchA2fH3l94986ioFKhJJU1GugwsWwdTPV1GEiP
         DjfR+G8M3M3cvDaPQV6yO5mfjnesWHZM/VHa0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:content-type:subject:date:message-id:to
         :mime-version;
        bh=U7191yZOCeAQsrgsJe3xrlvz/QZQs9i8rlHxhopPVYI=;
        b=Yo+79chtCUhGuiXLIYBBjAmMUdc7c0VGyWE5QfIJ1/Cue2qa5I82gAV2Ncaw9Elt5B
         ueiVNtLtnF7OISB9jjfFGek7BBedchoQDquZ8dhQ2deax9ZNdKzQrvYpPpkhV0RfurOw
         SFAc/0vZhuSWQYpCbxq4Sot8XymzAhEAaxRrwew15ENO9RiCNMqbyCaR42ha6S8wyPMA
         hA66wrYxcoC4ChtTKLpXE11JdRrUCINsCEnDy4CRz7XzaU4dHmiHqx5V7N3OaJe3DzCF
         oefl9sRXik35Gsu6YOok3+d+jJq14hI2/tj9K8hLiLls0UJ8zNXl7YVW71FsWVU4Cq2n
         Y9jA==
X-Gm-Message-State: ALoCoQkgl33jEMCTlZNniYh0RCjMhNhRHCL5b5NrSuSkb3zfrUBsLs45aNd6H/r2Xq2jeOuLE2Vt8EeYxeCKexiveK1Dbgq1xA==
X-Received: by 10.67.2.73 with SMTP id bm9mr172854181pad.94.1452417033461;
        Sun, 10 Jan 2016 01:10:33 -0800 (PST)
From: The Customize Windows <admin@thecustomizewindows.com>
X-Pgp-Agent: GPGMail 2.5.2
Content-Type: multipart/signed; boundary="Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300"; protocol="application/pgp-signature"; micalg=pgp-sha512
Subject: Testing DMARC and GNU PG
Date: Sun, 10 Jan 2016 14:40:27 +0530
Message-Id: <09683138-D098-4E9C-AE57-6D12635007A6@thecustomizewindows.com>
To: "Dr. Abhishek Ghosh" <me@abhishekghosh.pro>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
X-Mailer: Apple Mail (2.2098)
X-Zoho-Virus-Status: 1
X-ZohoMail: SS_5 SFPD SFPP UW2468 UB6248 PIW  SF_SOIPH1_3 COSF  A9 NDL   SGR3_1_0_21125_80
X-ZohoMail-Owner: <09683138-D098-4E9C-AE57-6D12635007A6@thecustomizewindows.com>+zmo_1_<admin@thecustomizewindows.com>
X-ZohoMail-Sender: x.x.x.x
 
 
--Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
 
Hi,
 
We are testing DMARC and GNU PG for encryption.
 
Thanks.
 
--Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
 
iQIcBAEBCgAGBQJWkiAEAAoJEChxaZWUDR0hW6MQAJEk/
...
 
pZWiGrzNpNgkAgprnJ8u=YI4c
-----END PGP SIGNATURE-----
 
--Apple-Mail=ABCD-43F46E456--

How-to-Add-DMARC,-DKIM,-SFP-to-Avoid-Email-Spoofing Tagged With how do i add a dmarc record , how do i add a dmarc txt record , how to add a dmarc text record , how to add DMARC to email , how to add remailer for dmarc and dkim , iredmail add dmarc , iredmail dmark , x-zoho-virus-status: 1

This Article Has Been Shared 400 Times!

Facebook Twitter Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

  • SELinux and Security in the Context of Cloud Servers

    SELinux Was Developed By United States National Security Agency (NSA). SELinux and Security in the Context of Cloud Servers Can Be Questionable.

  • Security Concerns of Server Virtualization and Solutions

    Recent discovery of VENOM and related critical bugs in the Xen, KVM, and native QEMU virtual machine platforms again brought the topic Security Concerns of Server Virtualization in to lime light. VENOM was unknown, from Heartbleed, what we have learned is quite clear – frankly there is nothing to do with the unknown, undiscovered bugs […]

  • Requirements for Cloud Contract

    Cloud service should have a higher level of security and reliability offer than before. Here are some basic requirements for Cloud Contract. We have published articles on Steps for Cloud Security, Checklist for Secure Cloud Computing, as well as some focus on Business related terminologies – demystifying Non Disclosure Agreement (NDA), Service Level Agreement (SLA) […]

  • Google Jokes, But Not With NSA

    Google, Facebook, Microsoft – All Started from Garage by Teenagers. Google Jokes, But Not With NSA. People Think About Google, But For Privacy.

  • WordPress Cloud Hosting : Example of Basic Scalable Architecture

    WordPress Cloud Hosting Demands Special Attention to the Plan of the Architecture. Universal Optimized WordPress Cloud Hosting is a Pure Fuss.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (22.1K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Big Data in Sports May 20, 2022
  • FaaS Versus PaaS Deployment: What You Should Know May 18, 2022
  • What Is A Digital Media Consultancy? May 17, 2022
  • How Artificial Intelligence (AI) Is Changing The Way We Play Bingo May 16, 2022
  • Why You Need A Big Data Consultant May 15, 2022

About This Article

Cite this article as: Abhishek Ghosh, "How to Add DMARC, DKIM, SFP to Avoid Email Spoofing," in The Customize Windows, January 10, 2016, May 22, 2022, https://thecustomizewindows.com/2016/01/how-to-add-dmarc-dkim-sfp-to-avoid-email-spoofing/.

Source:The Customize Windows, JiMA.in

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Privacy Policy.

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2022 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy