We describe and compare three predominant email sender authentication mechanisms based on DNS: SPF, DKIM and Sender-ID Framework (SIDF). These mechanisms are designed mainly to assist in filtering of undesirable email messages, in particular spam and phishing emails. We clarify the limitations of these mechanisms, identify risks, and make recommendations. In particular, we argue that, properly used, SPF and DKIM can both help improve the efficiency and accuracy of email filtering.
|Number of pages||12|
|Journal||Computers and Security|
|State||Published - Nov 2009|
Bibliographical noteFunding Information:
Many thanks to Nathaniel (Nathan) Borenstein, Dave Crocker, Jim Fenton, John Leslie, John Levine, Chris Lewis, Amit Klein, der Mouse, Douglas Otis, Haya Shulman, Alessandro Vesely and the anonymous referees, for their helpful and constructive comments. This work was supported by Israeli Science Foundation grant ISF 1014/07.
- Internet security