Chapter 7 covers DMARC, SPF, and DKIM in detail. Anyone involved in anti-phishing activities should understand the benefits of these three anti-phishing email standards. Every organization should have all three standards implemented for both sending and receiving email.

The Core Concepts

Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and Domain Keys Identified Mail (DKIM) are related global anti-phishing standards that allow email receivers to verify if an email that claims to be from a particular sending domain is really from the domain it claims. In short, it helps to prevent email domain spoofing. DMARC relies on SPF and DKIM. DMARC provides proactive protection even without either SPF and/or DKIM being enabled (although you’ll want both enabled to get the most complete protection).

Email senders can use DMARC to ...