🔐 Day 24: SMTP Security
Sending an email is one thing; ensuring it's authentic and secure is another. SMTP security protocols like SPF, DKIM, and DMARC are the "Triple Guard" of your inbox. 🛡️
📍 1. MX Records (Mail Exchange)
We previously discussed MX records in the DNS chapter. They deal specifically with incoming mail. If I send an email from my Gmail to company@store.com, my SMTP server asks the DNS: "Where is store.com?" The DNS server looks up the MX records for store.com to find its specific SMTP server and deliver the mail.
🛡️ 2. Email Security Layers
📋 1. SPF (Sender Policy Framework)
SPF is a list in your DNS settings that specifies: "Only these IPs or servers are authorized to send mail on my behalf."
How it works (Step-by-Step):
- You send an email to
friend@yahoo.comfromusman@gmail.com. - The email arrives at the Yahoo SMTP server.
- Yahoo asks: "Is this really from
gmail.com?" - Yahoo checks the DNS records for
gmail.comand finds the SPF record. - If the sending server matches the SPF list, the mail is delivered; otherwise, it's flagged or deleted.
Who manages SPF?
For standard services like@gmail.com, Google manages the SPF record. If you own your own domain (e.g.,@yourname.com), you must define your own SPF record in your DNS settings.
🔏 2. DKIM (DomainKeys Identified Mail)
Similar to DNSSEC, DKIM adds a digital signature to every email you send. It acts as a "Digital Wax Seal" that can only be verified using your public key. If the signature doesn't match, the mail has been tampered with.
🚦 3. DMARC
The final hurdle for hackers. If SPF or DKIM fails, DMARC tells the receiving server exactly what to do (e.g., "Reject the mail" or "Send to Spam").
🔐 4. Encryption (TLS)
Without TLS (Transport Layer Security), email travels as plain text. Adding TLS creates a secure tunnel, ensuring that any intercepted data appears as scrambled, unreadable gibberish.
Note: We will dedicate a separate session to TLS in the future.