• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here:Home » How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

By Abhishek Ghosh January 10, 2016 10:26 am Updated on January 10, 2016

How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

Advertisement

Mandrill is most commonly used Transactional Email Service. They are easy to add with just few PHP snippets, like we gave snippets or tutorials for using WordPress with Mandrill or XenForo with Mandrill. Commonly, Transactional Email Services Like Mandrill is used With Google Apps. Here is How to Add DMARC, DKIM, SFP to Avoid Email Spoofing. Mandrill infamously mark with Poor Account Reputation. Although, Poor Account Reputation is a deliberate work done by Mandrill, DMARC, DKIM, SFP avoids Email Spoofing and for Free Mandrill like transactional email service with a shared IP, it is quite important.

 

What We Need to Know Before Jumping to Ask How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

 

IP Spoofing was discussed before. There is also DNS Spoofing. Most of these Cloud Transactional Email Services are smaller business has no own datacenter or DNS. It is unlikely that they use Dyn like good DNS provider.
We talked about SFP before.

If you are using Google Mail for Domains (old name of Google Apps) or Zoho Mail with any Cloud Transactional Email Service, you must be careful and add all these records.

Advertisement

---

DKIM means DomainKeys Identified Mail, which is an email authentication method to detect email spoofing through cryptographic authentication. DMARC is Domain-based Message Authetication, Reporting, and Conformance. You’ll receive daily emails by Google Apps and/or Transactional Email Service as tar ball.

 

How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

 

We are setting these records via DNS Service Provider as TXT record.

SPF for Google Mail for Domains (Google Apps) Plus Mandrill

Run this command for our website on Terminal or iTerm2 window :

Vim
1
dig +short thecustomizewindows.com txt

You’ll get this result :

Vim
1
"v=spf1 include:spf.mandrillapp.com include:_spf.google.com ~all"

That v=spf1 is common, include:spf.mandrillapp.com is for Mandrill, include:_spf.google.com is for Google, ~all is a flag. You can blindly use the same like that of us if you are using Google Mail for Domains (Google Apps) Plus Mandrill. SPF follows this RFC :

Vim
1
https://www.rfc-editor.org/rfc/rfc7208.txt

DKIM for Google Mail for Domains (Google Apps) Plus Mandrill

In the same way, run this command :

Vim
1
dig +short mandrill._domainkey.thecustomizewindows.com txt

You’ll get a big response :

Vim
1
"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrLHiExVd55zd/IQ/J/mRwSRMAocV/hMB3jXwaHH36d9NaVynQFYV8NaWi69c1veUtRzGt7yAioXqLj7Z4TeEUoOLgrKsn8YnckGs9i3B3tVFB+Ch/4mPhXWiNfNdynHWBcPcbJ8kjEQ2U8y78dHZj1YeRXXVvWob2OaKynO8/lQIDAQAB\;"

Notice that dig was for mandrill._domainkey.thecustomizewindows.com. Now, run this :

Vim
1
dig +short google._domainkey.thecustomizewindows.com txt

You’ll get a big response :

Vim
1
"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaXevY184DD7FcEwRi/2ahLfCD+ACcFw8r1jx4zf97EmSc7VFWvC8CeqQB5hzR6geQ7fNC1lMxMKSxezHhcVoIZx8gGVvHXY9AjddO+6FmQ3ATDTPJY4gbTiizP5ROs6bsBB17uCvv8u2uLcyjqVe+zK9Yx6Zdhd7N2AbVkk5cvQIDAQAB"

No, the value are not same. There is IQ inside, run :

Vim
1
dig +short google._domainkey.thecustomizewindows.com txt | grep IQ

there will be no return. But, if you run :

Vim
1
dig +short mandrill._domainkey.thecustomizewindows.com txt | grep IQ

there will be IQ highlighted.

Notice that dig was for google._domainkey.thecustomizewindows.com. For Google Apps, at this moment, the URL to directly get that DKIM is :

Vim
1
https://admin.google.com/AdminHome#AppDetails:service=email&flyout=dkim

It is mandatory to combine SFP record from multiple providers like Mandrill, Google Apps when both are used by the domain in the way we have shown. DKIM needs not to combines or rather not possible.

DKIM is spelled on RFC 4871 :

Vim
1
https://www.ietf.org/rfc/rfc4871.txt

DMARC for Google Mail for Domains (Google Apps) Plus Mandrill

DMARC is most difficult. No Mail Service Provider will auto generate DMARC for you, unlike SPF and DKIM. Above two were copy && paste work. Run :

Vim
1
dig +short _dmarc.thecustomizewindows.com txt

You’ll get this response :

Vim
1
"v=DMARC1\; p=none\; pct=100\; rua=mailto:webmaster@thecustomizewindows.com\; ruf=mailto:admin@thecustomizewindows.com\;"

What those words mean in v=DMARC1\; p=none\; pct=100\; rua=mailto:webmaster@thecustomizewindows.com\; ruf=mailto:admin@thecustomizewindows.com\; is nicely written in RFC elaborately. Basically like for hyperlinks, bots understand rel="nofollow" and rel="no_follow" both, pct=100 automatically may get adjusted by function to 90%.

Here is a genuine DMARC report of our this website sent by Google – https://gist.github.com/AbhishekGhosh/10e3122bff346af62ae4

You’ll get human usable tools here – https://dmarc.org/resources/deployment-tools/ to generate that type of record. Keep in mind – we are using Google Apps. Google has that service to receive, analyze and send the record to us as zip file. Everyday we get one email with the zip file from noreply-dmarc-support@google.com to webmaster@thecustomizewindows.com. Mandrill possibly do not have that DMARC service.

 

Emails Should Be Signed in Addition

 

Everyone knows that Emails should be signed by GNU PG key. It is not very difficult to implement for WordPress and OS X GPG tool discussed before, so as Facebook GNU PG. Otherwise a malware on your server can sent valid emails, none will understand who is replying using admin@thecustomizewindows.com. Support can reply or I can reply.

I sent an email from admin@thecustomizewindows.com to my email me@abhishekghosh.pro and in Apple Mail, got this from View > Message > Raw Source. SPF, DKIM and GPG are present. I altered the RSA key to smaller and modified that X-ZohoMail-Sender: x.x.x.x :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
Delivered-To: me@abhishekghosh.pro
Received-SPF: Pass (zoho.com: domain of admin@thecustomizewindows.com designates 209.85.220.52 as permitted sender )  client-ip: 209.85.220.52
Received: from mail-pa0-f52.google.com (mail-pa0-f52.google.com [209.85.220.52]) by mx.zohomail.com
with SMTPS id 1452417035861743.8316555668265; Sun, 10 Jan 2016 01:10:35 -0800 (PST)
Received: by mail-pa0-f52.google.com with SMTP id yy13so213359486pab.3
        for <me@abhishekghosh.pro>; Sun, 10 Jan 2016 01:10:35 -0800 (PST)
Return-Path: <admin@thecustomizewindows.com>
Return-Path: <admin@thecustomizewindows.com>
Received: from [100.84.253.192] ([115.250.186.46])
        by smtp.gmail.com with ESMTPSA id ya4sm12239430pab.22.2016.01.10.01.10.31
        for <me@abhishekghosh.pro>
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Sun, 10 Jan 2016 01:10:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=thecustomizewindows.com; s=google;
        h=from:content-type:subject:date:message-id:to:mime-version;
        bh=U7191yZOCeAQsrgsJe3xrlvz/QZQs9i8rlHxhopPVYI=;
        b=USVvnpBZEwDmgrAn/w06DJspE2wSfYlXQfSz6tMKxEAAXIewsH0F0yGXJgpJMoGaPk
         o9ygdOCUdZkxD0os14MJ2nRPS6VDhJchA2fH3l94986ioFKhJJU1GugwsWwdTPV1GEiP
         DjfR+G8M3M3cvDaPQV6yO5mfjnesWHZM/VHa0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:from:content-type:subject:date:message-id:to
         :mime-version;
        bh=U7191yZOCeAQsrgsJe3xrlvz/QZQs9i8rlHxhopPVYI=;
        b=Yo+79chtCUhGuiXLIYBBjAmMUdc7c0VGyWE5QfIJ1/Cue2qa5I82gAV2Ncaw9Elt5B
         ueiVNtLtnF7OISB9jjfFGek7BBedchoQDquZ8dhQ2deax9ZNdKzQrvYpPpkhV0RfurOw
         SFAc/0vZhuSWQYpCbxq4Sot8XymzAhEAaxRrwew15ENO9RiCNMqbyCaR42ha6S8wyPMA
         hA66wrYxcoC4ChtTKLpXE11JdRrUCINsCEnDy4CRz7XzaU4dHmiHqx5V7N3OaJe3DzCF
         oefl9sRXik35Gsu6YOok3+d+jJq14hI2/tj9K8hLiLls0UJ8zNXl7YVW71FsWVU4Cq2n
         Y9jA==
X-Gm-Message-State: ALoCoQkgl33jEMCTlZNniYh0RCjMhNhRHCL5b5NrSuSkb3zfrUBsLs45aNd6H/r2Xq2jeOuLE2Vt8EeYxeCKexiveK1Dbgq1xA==
X-Received: by 10.67.2.73 with SMTP id bm9mr172854181pad.94.1452417033461;
        Sun, 10 Jan 2016 01:10:33 -0800 (PST)
From: The Customize Windows <admin@thecustomizewindows.com>
X-Pgp-Agent: GPGMail 2.5.2
Content-Type: multipart/signed; boundary="Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300"; protocol="application/pgp-signature"; micalg=pgp-sha512
Subject: Testing DMARC and GNU PG
Date: Sun, 10 Jan 2016 14:40:27 +0530
Message-Id: <09683138-D098-4E9C-AE57-6D12635007A6@thecustomizewindows.com>
To: "Dr. Abhishek Ghosh" <me@abhishekghosh.pro>
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
X-Mailer: Apple Mail (2.2098)
X-Zoho-Virus-Status: 1
X-ZohoMail: SS_5 SFPD SFPP UW2468 UB6248 PIW  SF_SOIPH1_3 COSF  A9 NDL   SGR3_1_0_21125_80
X-ZohoMail-Owner: <09683138-D098-4E9C-AE57-6D12635007A6@thecustomizewindows.com>+zmo_1_<admin@thecustomizewindows.com>
X-ZohoMail-Sender: x.x.x.x
 
 
--Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
 
Hi,
 
We are testing DMARC and GNU PG for encryption.
 
Thanks.
 
--Apple-Mail=_BB0B1A89-B78C-4507-B2D2-43F46E6CF300
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
 
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
 
iQIcBAEBCgAGBQJWkiAEAAoJEChxaZWUDR0hW6MQAJEk/
...
 
pZWiGrzNpNgkAgprnJ8u=YI4c
-----END PGP SIGNATURE-----
 
--Apple-Mail=ABCD-43F46E456--

How-to-Add-DMARC,-DKIM,-SFP-to-Avoid-Email-SpoofingTagged With how do i add a dmarc record , how do i add a dmarc txt record , how to add a dmarc text record , how to add DMARC to email , how to add remailer for dmarc and dkim , iredmail add dmarc , iredmail dmark , x-zoho-virus-status: 1
Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to How to Add DMARC, DKIM, SFP to Avoid Email Spoofing

  • WordPress Mandrill Alternative SendGrid Transition Guide

    SendGrid is Known Cloud Transactional Email Service With Free Quota. Here is an Easy WordPress Mandrill Alternative SendGrid Transition Guide.

  • Mandrill Account Poor Reputation : Untold Story to Fix!

    Mandrill is a Cloud Based Transactional Email Service. It is Common to Get Email Warning on Mandrill Account Poor Reputation. Here is Why.

  • Why Not to Use Your Host for Email Marketing

    Email under own domain name is the most complex and least discussed part of a website. It is possible to instruct a person to install the required packages on a server and run WordPress (or just use some shared hosting) but properly configuring the email under your domain name demands many years of experience. When […]

  • Receive Email From WordPress Using Mandrill

    For Servers With HSTS, Servers With Router Like on HP Cloud, You Can Easily Receive Email From WordPress Using Mandrill Instead of Postfix.

performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Market Segmentation in BriefSeptember 20, 2023
  • What is Booting?September 18, 2023
  • What is ncurses?September 16, 2023
  • What is JTAG in Electronics?September 15, 2023
  • iPhone 15 Pro Max Vs Samsung Galaxy S22/S23 UltraSeptember 14, 2023
PC users can consult Corrine Chorney for Security.

Want to know more about us?

Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy