Email Communication Security
Email is a powerful and universal channel, but its open architecture requires specific security protocols to function securely. Properly configuring your sending domain is the most important action you can take to improve your email deliverability and protect against fraud.
This is the process of proving you have the right to send emails from your domain. It involves configuring standards like SPF, DKIM, and DMARC to build a trustworthy sender reputation. For a comprehensive guide, please see our detailed .
What it is: SPF is an email authentication method that specifies which mail servers (by their IP addresses) are authorized to send email on behalf of your domain.
How it works: You publish a list of approved sending servers in a special TXT record in your domain's DNS. When a recipient's mail server receives an email from your domain, it checks the SPF record to see if the sending server's IP address is on your authorized list. If it matches, the email passes the SPF check.
Why it matters: SPF is your first line of defence against basic email spoofing, where an attacker sends emails that appear to be from you.
What it is: DKIM provides a way to "sign" your emails with a digital signature, ensuring that the message content has not been tampered with during transit.
How it works: When you send an email through MessageFlow, we use a private cryptographic key to create a unique digital signature based on the content of the email. This signature is added to the email's headers. The corresponding public key is published in your domain's DNS. The recipient's mail server retrieves this public key to verify the signature. If the verification is successful, it proves two things: that the email genuinely came from your domain, and that its content (including attachments) has not been altered.
Why it matters: DKIM provides a strong guarantee of message authenticity and integrity, protecting against more sophisticated phishing and man-in-the-middle attacks.
What it is: DMARC is a policy layer that builds on SPF and DKIM. It tells receiving mail servers what to do with emails that fail SPF or DKIM checks and provides valuable feedback reports.
How it works: You publish a DMARC record in your DNS that defines your policy. This policy can be:
p=none: The "monitoring" policy. It tells servers to deliver the email and just send you a report. This is the recommended starting point to gather data.
p=quarantine: Tells servers to treat failed emails with suspicion, usually by placing them in the spam or junk folder.
p=reject: The strictest policy. It instructs servers to completely reject emails that fail authentication.
DMARC reports (RUA/RUF) give you priceless insight into who is sending email from your domain, helping you identify legitimate sources and detect abuse.
Why it matters: DMARC gives you control over your email domain, protects your brand from being used in phishing attacks, and is a prerequisite for BIMI.
What it is: BIMI is an email standard that allows you to display your brand's official logo next to your authenticated messages directly in the recipient's inbox.
How it works: To implement BIMI, you must first have a strong DMARC policy in place (p=quarantine or p=reject). You then need to publish another DNS record that points to your brand's logo in a specific SVG format. For some mail providers, the logo must also be verified and certified through a document called a Verified Mark Certificate (VMC).
Why it matters: BIMI provides an immediate, powerful visual cue of authenticity, increasing brand recognition, recipient trust, and potentially boosting engagement rates.
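The DMARC policies and the BIMI prerequisite described above can be checked mechanically before a record is published. The following is an added example, not MessageFlow code: it audits DMARC TXT record strings offline, and the function names, the `example.com` addresses and the sample records are constructed for illustration.

```python
# Added example: audits DMARC TXT record strings; performs no DNS lookups.
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict; ValueError if malformed."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    # The version tag must come first, otherwise the record is not valid DMARC.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must start with v=DMARC1")
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"tag without '=': {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def split_uris(value):
    """rua= and ruf= hold comma-separated report addresses."""
    return [u.strip() for u in value.split(",") if u.strip()]

def audit_dmarc(record):
    """Return the policy, report addresses and findings for one record."""
    tags = parse_dmarc(record)
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        raise ValueError(f"missing or unknown p= policy: {policy!r}")
    rua = split_uris(tags.get("rua", ""))
    findings = []
    if policy == "none":
        findings.append("p=none only monitors: failing mail is still delivered")
    if not rua:
        findings.append("no rua= address: no aggregate reports will arrive")
    return {
        "policy": policy,
        # BIMI prerequisite as stated on this page: p=quarantine or p=reject.
        "meets_bimi_policy": policy in ("quarantine", "reject"),
        "rua": rua,
        "ruf": split_uris(tags.get("ruf", "")),
        "findings": findings,
    }

if __name__ == "__main__":
    # Constructed sample records for the placeholder domain example.com.
    for rec in ("v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=quarantine",
                "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"):
        print(rec, "->", audit_dmarc(rec))
```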
What it is: Transport Layer Security (TLS) is a cryptographic protocol that encrypts the connection between mail servers.
How it works: When MessageFlow sends an email to a recipient's mail server, it first attempts to establish a secure TLS connection (known as a "TLS handshake"). If successful, the entire content of the email is encrypted for its journey across the internet. This prevents third parties from eavesdropping on or intercepting the communication between the servers.
Why it matters: TLS ensures the privacy and confidentiality of your email communications, protecting sensitive information as it travels from our servers to the recipient's provider. MessageFlow supports and prioritizes TLS encryption for all email sending.