by marcbradshaw 1953 days ago
SPF asserts that a given IP address is authorized to send mail from a particular envelope sender domain (the user typically does not see this domain). An email with a user-visible From address of potus@whitehouse.gov can have passing SPF from evil.com.

DKIM asserts that the message contents have been sent by a particular domain (or domains); that domain does not necessarily relate to either the envelope sender domain or the domain the user sees in the From address. Again, an email from potus@whitehouse.gov can have a perfectly valid DKIM signature from phisher.com.

DMARC is a policy layer over the top of these, which ties the domain the user actually sees in the From address back to those used in SPF and DKIM. This is where the potus@whitehouse.gov email starts getting blocked. Neither the SPF nor the DKIM of the email is "aligned with" whitehouse.gov, and we can start to do something about the spoofing.
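
The alignment check described in the comment above, as an added example that is not part of the original thread. It assumes SPF and DKIM have already been evaluated by the receiver; the function names are hypothetical, and a small constructed suffix set stands in for the real Public Suffix List.

```python
# Added example: simplified DMARC identifier alignment (RFC 7489, section 3.1).
# Assumption: this tiny constructed set stands in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "gov", "org", "net", "co.uk"}

def org_domain(domain):
    """Return the organizational domain: the public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when no listed suffix matches

def aligned(from_domain, auth_domain, strict=False):
    """Strict mode needs an exact match; relaxed compares organizational domains."""
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_pass(from_domain, spf_pass, mail_from_domain, dkim_sigs,
               aspf_strict=False, adkim_strict=False):
    """DMARC passes if SPF or DKIM both passes AND aligns with the From domain.

    dkim_sigs is a list of (d_domain, signature_verified) tuples.
    """
    spf_ok = spf_pass and aligned(from_domain, mail_from_domain, aspf_strict)
    dkim_ok = any(ok and aligned(from_domain, d, adkim_strict)
                  for d, ok in dkim_sigs)
    return spf_ok or dkim_ok

# Constructed sample: the spoofed message from the comment. SPF passes for
# evil.com and the DKIM signature from phisher.com verifies, yet neither
# domain aligns with the From domain the user sees.
spoofed = dmarc_pass("whitehouse.gov", True, "evil.com",
                     [("phisher.com", True)])

# Constructed sample: a legitimate message whose envelope sender is a
# subdomain of the From domain (aligned in relaxed mode, not in strict mode).
legit_relaxed = dmarc_pass("whitehouse.gov", True,
                           "bounce.mail.whitehouse.gov", [])
legit_strict = dmarc_pass("whitehouse.gov", True,
                          "bounce.mail.whitehouse.gov", [], aspf_strict=True)

if __name__ == "__main__":
    print("spoofed passes DMARC:", spoofed)
    print("legit passes (relaxed SPF alignment):", legit_relaxed)
    print("legit passes (strict SPF alignment):", legit_strict)
```
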

1 comments

Thanks for the explanation, marcbradshaw / volundr. It really cleared things up for me.