Email stuff
From the THM “Phishing prevention” room.
SPF
The Sender Policy Framework is used to authenticate the sender of an email. It’s a DNS TXT record listingi the IPs that are allowed to send email on behalf of your domain.
Receiving server checks DNS record for the SPF record.
DKIM
DomainKeys Identified Mail is another way to authenticate the sender of an email. Outbound mail is signed. Public key is published to DNS.
Sending server signs it with the private key. Receiver checks to see if the signature is valid
DMARC
Domain-Based Message Authentication, Reporting, and Conformance
Sending adds DMARC to DNS. DMARC gives guidelines to receivers on how to handle an email if it fails SPF and DKIM
1 Sending sends 2 receiver checks SPF 3 then DKIM 4 then DMARC 5
S/MIME
Secure/Multipurpose Internet Mail Exchange. Like MIME, but secure. It keeps it secure through use of Digital Signatures and Encryption. encrypt with the private key, decrpyt with the public key. The receiver can get the public key from the sender’s digital certificate.
SMTP
The protocol mail is sent over, usually port 25