Aller au contenu Aller au menu principal Aller au menu secondaire Aller au pied de page

Afnic publishes a tutorial on SPF, DKIM and DMARC as free software to secure emails

Home > Observatory and resources > News > Afnic publishes a tutorial on SPF, DKIM and DMARC as free software to secure emails
12/05/2023

Afnic, the registry for .fr Internet domain names, has published a tutorial to encourage the use of SPF, DKIM and DMARC authentication methods, based on the DNS. The objective is to prevent the risks associated with email (spam, phishing, etc.).

SPF, DKIM and DMARC are three authentication protocols that use the DNS (Domain Name System). Used together, they provide both senders and recipients with protection against fraudulent emails.

The implementation of these three protocols is complex and may hamper message deliverability, and for that reason it is not yet widely deployed. A study across .fr shows that fewer than 10% of the domain names published in the .fr zone currently make full use of the DNS to ensure the authenticity of their outgoing emails.

There is thus clearly room for improvement in the adoption of SPF, DKIM and DMARC, which can mitigate the risks and the disastrous consequences of identity theft in emails.

Marc van der Wal, R&D engineer with Afnic, demonstrated how SPF, DKIM and DMARC work at JCSA 2023 (Afnic Scientific Council Day 2023), FGI France (the French Internet Governance Forum) and EMDay  (France’s main online marketing event). He first used the example of a phishing campaign to show how easy it is for an ill-intentioned person to falsify the sender address of an email and spoof the domain name of a sender. He then explained how to configure SPF, DKIM and DMARC on the sender’s domain name and eventually stop the attacker in its tracks.

Since these tutorials have aroused great interest and expectation, Afnic has decided to create and offer a free and open version of the source code.

A tutorial as free software to demystify SPF-DKIM-DMARC and understand how it works

Afnic has opted for a graphical web-based interface that is intuitive and accessible to a wide public including non-experts. This version of the tutorial also allows users to experiment and to get off to a completely safe start thanks to a “sandbox” with no risk to oneself or to others (the platform cannot send emails over the Internet: only the online interface is accessible from the outside).

Easy to deploy on one’s server or technical infrastructure, the platform has also been designed with the goal of offering an environment suitable for demonstration and training. It will help raise awareness of these mechanisms.

Under the hood, as it were, there lies a kind of pared-down and extremely simplified model of the Internet. The tutorial consists exclusively of free software and custom developments which are from now on also free software.

With this tutorial, Afnic hopes to foster a better understanding and wider adoption of these mechanisms which are so indispensable to hardening the security of exchanges by email.

For those wishing to go more deeply into the matter, Afnic also offers a two-day dedicated training session on SPF, DKIM and DMARC, to enable you to configure an email policy guaranteeing the authenticity and deliverability of your email communications using the DNS.

Link to the source code of the platform

About Afnic

Afnic is the acronym for Association Française pour le Nommage Internet en Coopération, the French Network Information Centre. The registry has been appointed by the French government to manage domain names under the .fr Top Level Domain. Afnic also manages the .re (Reunion Island), .pm (Saint-Pierre and Miquelon), .tf (French Southern and Antarctic Territories), .wf (Wallis and Futuna) and .yt (Mayotte) French Overseas TLDs.

In addition to managing French TLDs, Afnic’s role is part of a wider public interest mission, which is to contribute on a daily basis, thanks to the efforts of its teams and its members, to a secure and stable internet, open to innovation and in which the French internet community plays a leading role. As part of that mission, Afnic, a non-profit organization, has committed to devoting 11% of its Revenues from managing .fr Top Level Domain to actions of general interest, in particular by transferring €1.3 million each year to the Afnic Foundation for Digital Solidarity.
Afnic is also the back-end registry for the companies as well as local and regional authorities that have chosen to have their own TLD, such as .paris, .bzh, .alsace, .corsica, .mma, .ovh, .leclerc and .sncf.

Established in 1997 and based in Saint-Quentin-en-Yvelines, Afnic currently has nearly 90 employees.