DNS-based email sender authentication mechanisms: A critical review

Amir Herzberg

Research output: Contribution to journalReview articlepeer-review

25 Scopus citations

Abstract

We describe and compare three predominant email sender authentication mechanisms based on DNS: SPF, DKIM and Sender-ID Framework (SIDF). These mechanisms are designed mainly to assist in filtering of undesirable email messages, in particular spam and phishing emails. We clarify the limitations of these mechanisms, identify risks, and make recommendations. In particular, we argue that, properly used, SPF and DKIM can both help improve the efficiency and accuracy of email filtering.

Original languageEnglish
Pages (from-to)731-742
Number of pages12
JournalComputers and Security
Volume28
Issue number8
DOIs
StatePublished - Nov 2009

Bibliographical note

Funding Information:
Many thanks to Nathaniel (Nathan) Borenstein, Dave Crocker, Jim Fenton, John Leslie, John Levine, Chris Lewis, Amit Klein, der Mouse, Douglas Otis, Haya Shulman, Alessandro Vesely and the anonymous referees, for their helpful and constructive comments. This work was supported by Israeli Science Foundation grant ISF 1014/07.

Keywords

  • DKIM
  • Email
  • Internet security
  • Phishing
  • SIDF
  • SMTP
  • SPF
  • Sender-ID
  • Spam

Fingerprint

Dive into the research topics of 'DNS-based email sender authentication mechanisms: A critical review'. Together they form a unique fingerprint.

Cite this