Afnic publishes a tutorial on SPF, DKIM and DMARC as free software to secure emails

SPF, DKIM and DMARC are three authentication protocols that use the DNS (Domain Name System). Used together, they provide both senders and recipients with protection against fraudulent emails.

The implementation of these three protocols is complex and may hamper message deliverability, and for that reason it is not yet widely deployed. A study across .fr shows that fewer than 10% of the domain names published in the .fr zone currently make full use of the DNS to ensure the authenticity of their outgoing emails.

There is thus clearly room for improvement in the adoption of SPF, DKIM and DMARC, which can mitigate the risks and the disastrous consequences of identity theft in emails.

Marc van der Wal, R&D engineer with Afnic, demonstrated how SPF, DKIM and DMARC work at JCSA 2023 (Afnic Scientific Council Day 2023), FGI France (the French Internet Governance Forum) and EMDay  (France’s main online marketing event). He first used the example of a phishing campaign to show how easy it is for an ill-intentioned person to falsify the sender address of an email and spoof the domain name of a sender. He then explained how to configure SPF, DKIM and DMARC on the sender’s domain name and eventually stop the attacker in its tracks.

Since these tutorials have aroused great interest and expectation, Afnic has decided to create and offer a free and open version of the source code.

A tutorial as free software to demystify SPF-DKIM-DMARC and understand how it works

Afnic has opted for a graphical web-based interface that is intuitive and accessible to a wide public including non-experts. This version of the tutorial also allows users to experiment and to get off to a completely safe start thanks to a “sandbox” with no risk to oneself or to others (the platform cannot send emails over the Internet: only the online interface is accessible from the outside).

Easy to deploy on one’s server or technical infrastructure, the platform has also been designed with the goal of offering an environment suitable for demonstration and training. It will help raise awareness of these mechanisms.

Under the hood, as it were, there lies a kind of pared-down and extremely simplified model of the Internet. The tutorial consists exclusively of free software and custom developments which are from now on also free software.

With this tutorial, Afnic hopes to foster a better understanding and wider adoption of these mechanisms which are so indispensable to hardening the security of exchanges by email.

For those wishing to go more deeply into the matter, Afnic also offers a two-day dedicated training session on SPF, DKIM and DMARC, to enable you to configure an email policy guaranteeing the authenticity and deliverability of your email communications using the DNS.