DNS-based email sender authentication mechanisms: A critical review

Amir Herzberg

Research output: Contribution to journalReview articlepeer-review

25 Scopus citations


We describe and compare three predominant email sender authentication mechanisms based on DNS: SPF, DKIM and Sender-ID Framework (SIDF). These mechanisms are designed mainly to assist in filtering of undesirable email messages, in particular spam and phishing emails. We clarify the limitations of these mechanisms, identify risks, and make recommendations. In particular, we argue that, properly used, SPF and DKIM can both help improve the efficiency and accuracy of email filtering.

Original languageEnglish
Pages (from-to)731-742
Number of pages12
JournalComputers and Security
Issue number8
StatePublished - Nov 2009

Bibliographical note

Funding Information:
Many thanks to Nathaniel (Nathan) Borenstein, Dave Crocker, Jim Fenton, John Leslie, John Levine, Chris Lewis, Amit Klein, der Mouse, Douglas Otis, Haya Shulman, Alessandro Vesely and the anonymous referees, for their helpful and constructive comments. This work was supported by Israeli Science Foundation grant ISF 1014/07.


  • DKIM
  • Email
  • Internet security
  • Phishing
  • SIDF
  • SMTP
  • SPF
  • Sender-ID
  • Spam


Dive into the research topics of 'DNS-based email sender authentication mechanisms: A critical review'. Together they form a unique fingerprint.

Cite this