SPF, DKIM and DMARC

What is it?
SPF, DKIM and DMARC are security standards used for reducing spoofing of your e-mail. By implementing SPF, DKIM and DMARC, you help the receiving party verify that the mail they just received is in fact from you, and not from someone pretending to be you. This helps them determine what to do with incoming e-mail – allow it to pass, mark it as junk, quarantine it or reject it. I highly recommend using SPF, DKIM and DMARC. I’ve explained them briefly below.

SPF
SPF (Sender Policy Framework) is an email authentication method designed to detect forged sender addresses during the delivery of the email. The goal is to have a mechanism to tell the receiving mail provider which mail servers are allowed to send e-mail on your behalf. This is done by adding a DNS TXT record listing the servers (their IP addresses, or an include pointing to another domain’s SPF record) that are allowed to send mail for that domain. An example record could look like this: v=spf1 include:spf.protection.outlook.com -all

DKIM
DKIM (DomainKeys Identified Mail) is an email security standard designed to make sure messages aren’t altered in transit between the sending and recipient servers. It uses public-key cryptography to sign email with a private key as it leaves a sending server. Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message hasn’t changed during transit. Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.
DKIM is something you set up within your mail infrastructure. For Exchange Online, this can be set in the Microsoft Defender portal https://security.microsoft.com/dkimv2

DMARC
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that prevents spammers from using your domain to send email without your permission (also known as spoofing). Spammers can forge the “From” address on messages so the spam appears to come from a user in your domain. DMARC is used together with SPF and DKIM. DMARC can also be set up to receive aggregate and/or forensic reports from certain mail providers, giving you visibility into who sends e-mail on your behalf.
A simple example DMARC record could look like this: v=DMARC1; p=quarantine; rua=mailto:clientid@mailpartner.com;
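As an added example (not code from the original post), here is a simplified version of the decision a receiving server makes with the DMARC record above: it parses the record, checks whether the SPF or DKIM result is aligned with the visible From domain, and otherwise applies the published policy. It assumes relaxed alignment by default and approximates the organizational domain as the last two labels; real receivers use DNS lookups, the Public Suffix List and the pct/sp tags, which are left out here.

```python
# Added example, not from the original post: simplified DMARC evaluation.
# Assumptions: the DMARC record is embedded instead of fetched from DNS, and
# the organizational domain is approximated as the last two labels (wrong for
# domains such as example.co.uk); pct and sp tags are ignored.

def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record ("v=DMARC1; p=quarantine; ...") into tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two DNS labels.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """DMARC identifier alignment: strict ("s") needs an exact match,
    relaxed ("r", the default) needs the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain):
    """Return 'pass', or the policy action ('none', 'quarantine', 'reject').
    spf_domain is the envelope (MAIL FROM) domain SPF was checked against;
    dkim_domain is the d= domain of the verified DKIM signature."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]

# Constructed sample: the record from the post, applied to two messages.
DMARC_RECORD = "v=DMARC1; p=quarantine; rua=mailto:clientid@mailpartner.com;"

if __name__ == "__main__":
    # Legitimate mail, DKIM-signed by the From domain -> pass
    print(dmarc_disposition(DMARC_RECORD, "example.com", "pass", "example.com", "pass", "example.com"))
    # Spoofed From, SPF passes only for the sender's own envelope domain -> quarantine
    print(dmarc_disposition(DMARC_RECORD, "example.com", "pass", "spammer.invalid", "fail", ""))
```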