Salesforce has published a SPF record for sending emails from Salesforce for years and with the Spring ’15 release, they will provide the option to sign with DKIM. The SPF record is straight forward, include:_spf.salesforce.com which includes _spf.google.com, _spfblock.salesforce.com, several IP address blocks, mx, and ends with a SoftFail ~all. Salesforce Knowledge Article Number: 000006347 […]
There are 3 types of authentication currently in use for email. DKIM SPF DMARC The different strategies do different things with email. DKIM cryptographically signs emails, preventing changes in transit, and designates a “responsible domain” through the d= value in the signature. SPF compare the sending IP and the envelope from (also known as the bounce string, return […]
According to a recent blog post, Office365 is starting to evaluate incoming messages for DMARC. I talked a little bit about DMARC in April when Yahoo started publishing a p=reject message. DMARC stands for Domain-based Message Authentication, Reporting and Conformance. What DMARC does is allow domain owners to publish policy statements in DNS telling receiver domains […]
Here are the top 6 most commented on blog topics our Industry News & Analysis blog. In April, Laura wrote about the ins and outs about Domain-based Message Authentication, Reporting & Conformance also known as DMARC. If you are not familiar with DMARC or want to know the differences between strict and relaxed alignment, read […]
I’m not a huge baseball fan, probably a side effect of growing up in a city with no MLB team. But I do enjoy the social aspects of rooting for local teams when they’re winning big games. Last night I was following the World Series score online and switched over to watch the last inning. […]
Some mornings I check mail from my phone. This showed up this morning. My first thought was “oh, no, Pizza Hut is spamming, wonder who sold them my address.” Then I remembered that iOS is horrible and won’t show you anything other than the Friendly From and maybe it was some weird phishing scheme. When […]
Alice and Bob can send messages privately via a nosy postman, but how does Bob know that a message he receives is really from Alice, rather than from the postman pretending to be Alice? If they’re using symmetric-key encryption, and Bob is sure that he was talking to Alice when they exchanged keys, then he already knows […]
It’s been a busy and exciting month for us here. Laura finished a multi-year project with M3AAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group (look for the results to be published later this year) and continued working with clients on interesting delivery challenges and program opportunities. Steve focused on development on the next version […]
Several people have asked me about how to rotate DKIM keys in the past few days (as if you’re modifying anything to mitigate replay attacks, you need to invalidate the signatures of all the mail you sent before you made those changes). You really, really should be rotating your DKIM keys on a regular […]
If you look at the DKIM-Signature header in any piece of email signed with DKIM you’ll see that one of the fields it contains, the h= field, lists some email header names, for example: h=From:Subject:Date:To:MIME-Version:Content-Type Those are the headers that were signed when the mail was sent, and they’re the only headers that will be checked […]
Recent Comments