In recent years, cybercriminals and hackers have been able to distribute scams, spam and viruses via email by using fake or false sender details. This big threat has improved over time but there is still in evidence today.

DKIM and SPF are there to protect you from cybercriminals, con artists, fraudsters (call them what you will) that scour the Internet in search of security vulnerabilities so that they can distribute nasties. So here, we will explain what DKIM and SPF are and why they are so important in the protection of your domain and email.

It has taken a while for the development of protocols such as DKIM and SPF to appear that verify the senders of email. Prior to this, the mechanisms available were limited and were not much of a deterrent to prevent cybercriminals from committing fraud.

DKIM and SPF do not solve the problem completely as there is still sender falsification going on today allowing the spread of viruses, phishing emails and scams. But thanks to DKIM and SPF it is a lot harder to achieve sender falsification these days. Therefore, you need to be aware of these protocols, and ensure you enabled them for your domain name and email.

What is DKIM (Domain Keys Identified Mail)?

In simple terms, DKIM provides email authentication by enabling a domain owner to accept responsibility for an email message that the recipient can verify. When you use DKIM, you will enable public key cryptography that verifies email messages originated from authorized mail servers. This prevents fraud and the distribution of spam.

What is SPF (Sender Policy Framework)?

This is another email authentication protocol. It establishes a process for email message validation. When you use SPF, you can verify sending from authorized mail servers, identify any forgeries, and prevent the distribution of spam. Domain owners are able to identify the exact mail servers they can send from when using SPF.

How it all works

DKIM adds a digital signature to email message headers. Validation takes place by comparing this signature to a cryptographic public key that the domain owner stores in their DNS record.

The owner of the domain name uses a cryptographic public key contained within a special TXT record that forms part of their DNS record. When the email server sends a message, it attaches the unique DKIM digital signature to the message header.

Inbound mail servers will identify and decrypt the signature and compare this to a new version. When there is a match, authentication of the email occurs. It proves that there was no altering of the message during sending and that there is no fraud. You can use a DKIM validator to validate your emails.

With SPF, the administrator of the domain creates a policy, which defines the mail servers authorized to send email messages from the domain. This is an SPF record, and is included in the DNS records.

As soon as an inbound mail server recieves a new email it checks the rules for the return path domain in DNS records. It will check the IP address of the sending server with the IP address specified in the DNS record.

The inbound mail server then checks the rules associated with the SPF record and will decide to accept, flag or reject the email. SPF provides a good way of verifying that the email originated from an authorized mail server.

Why you need to use DKIM and SPF

If you are in business then it is essential that you use both DKIM and SPF for your email transactions. Both of these protocols will protect you from spoofing and phishing attacks. They will also protect the relationship that you have with your customers and maintain the reputation of your brand.

You need to do everything you can to ensure that emails you send to your customers will end up in their inbox unaltered. Using the DKIM and SPF protocols are the first step you can take to achieve this. The last thing you want is for some hacker to intercept your emails and add a phishing or a spam element to them.

Enabling DKIM and SPF in cPanel

If you have a premium web hosting account with us then we will enable both DKIM and SPF by default. However, in case you do not have a hosting account with us or both of these are disabled we will explain how to enable them in cPanel.

The first thing to do is to login to your cPanel account.  Now you want to navigate to the “Email” section and look for “Authentication”. Double click on this to open a new window. In this window, you should see options for enabling both DKIM and SPF. Just click on the “Enable” button and this will add the appropriate records to your DNS.

We always enable DKIM and SPF

When you have a premium web hosting account from us you will always find DKIM and SPF enabled by default in your cPanel. We don’t only care about the security of your domain and website but we care about your reputation as well. It is never good for people to perceive that your domain sent out harmful emails.

If you don’t have a premium web hosting account with us then what are you waiting for? We have ultra-fast servers and we provide very high levels of security. You get Imunify360 with all of our hosting plans that will protect your web files from malware. Find out more here.