Email is inherently flawed.
Email is built on trust. Yes, trust, and many hacked-together solutions, such as SPF and DKIM, are slapped on top of it. That doesn’t mean those systems are bad, though; just that they are “added on” and not a core part of email.
In the early days of email, you connected to the mail server where you wanted to deliver a message, told the server who you were and to whom to deliver the message, and then the contents of your message. That was it – you delivered an email. The astute among you may have already realized the problem and have probably experienced it yourself: spoofing.
Spoofing is when an email’s “from” header is forged to look like it came from someone it did not. We’ve all received emails addressed from us to us that we didn’t send – and that’s an example of spoofing.
Email is built on trust – trust that the sender is who they claim to be. How do you really know, though? How can you be sure that the email from your bank is really from your bank and not someone pretending to be your bank to steal your information?
Continue reading “SPF and DKIM – What is it and why block the failures?”