How to Explain SPF and DKIM to a Kid?

Email authentication can be highly technical and extremely confusing. Even the most experienced security professionals need help when it comes to setting it up and explaining it in digestible yet accurate terms to non-technical colleagues.

SPF (Sender Policy Framework) is a DNS TXT record that lists the servers allowed to send mail on behalf of a specific domain.

Let’s say that every sender, before sending mail, needs to choose the post office (server) from which that mail will be sent. Now imagine Amazon as the sender’s post office, from which the sender wants to get approval for his/her email.

In order to do this, two documents are needed from Amazon.
1. SPF — a document that approves Amazon as the sender’s post office (server).
2. DKIM — the document that contains the sender’s unique signature.
Once those documents are obtained, the sender needs to keep a copy for him/herself and share a copy with the government.

The government, in our case, represents anything that is publicly available on the internet. You can use one of these tools to check your SPF and DKIM keys.

DKIM (DomainKeys Identified Mail) is a method to verify that the content of the messages is trustworthy, meaning that they weren’t changed from the moment the message left the initial mail server. Once again, the owners of the domain add a DNS entry with the public DKIM key which will be used by receivers to verify that the message signature is correct.

After the mail is sent, it’s delivered to the Recipient’s Post Office where they check if the mail is sent from an approved post office, and if the sender’s address and signature have changed.

DMARC (Domain-based Message Authentication, Reporting and Conformance) enables SPF and DKIM by stating a clear policy. If one, or both, of the SPF and DKIM checks succeed and are aligned with the policy set by DMARC, then the check is considered successful. Otherwise, it’s set as failed.

The recipient’s post office checks if the documents are aligned with their policy, the DMARC policy. If everything looks accurate, the document report is considered successful and mail is delivered to the recipient.

If the sender doesn’t have documents from an approved post office set up in the right way, the recipient’s post office can decide not to send mail to the recipient’s mailbox (it will be sent to the spam folder).

SPF and DKIM can directly improve your email deliverability, so it’s important that they’re set up correctly.

Whether you’re a veteran IT administrator or a marketer without any IT knowledge, you need to understand how SPF and DKIM work and what they’re used for. When our users are concerned about campaign deliverability, one of the first steps we take to improve it is to set up SPF/DKIM records. If you are still not sure how to set up the records by yourself, contact MoonMail support, and we’ll gladly help you.