SPF and DKIM
SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are validation methods used to check that an incoming email message claiming to come from a specific domain was authorized by the owner of that domain. This helps protect recipients from receiving spoofed email messages. ESET Mail Security also uses DMARC (Domain-based Message Authentication, Reporting and Conformance) evaluation to build further on SPF and DKIM.
An SPF check is performed to verify whether an email was sent by a legitimate sender. A DNS lookup for the SPF records of the sender's domain is performed to get a list of IP addresses. If any of the IP addresses from the SPF records matches the actual IP address of the sender, the result of the SPF check is Pass. If the sender's actual IP address does not match, the result is Fail. However, not all domains have SPF records specified in DNS. If there are no SPF records present in DNS, the result is Not available. A DNS request may occasionally time out, in which case the result is also Not available.
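The decision logic described above, as an added example (not ESET's code and not part of the original page). It evaluates only the ip4 and ip6 mechanisms of an SPF record; mechanisms that need further DNS lookups (include, a, mx) are not resolved. The TXT answers in SAMPLE_TXT, the domain names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data standing in for DNS TXT answers (not real records).
# None models a DNS query that timed out.
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "nospf.example": ["some-site-verification=abc123"],
    "slow.example": None,
}

def spf_networks(record):
    """Return the networks named by the ip4/ip6 mechanisms of one SPF record."""
    nets = []
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        # Only the default "+" qualifier authorizes a sender; terms prefixed
        # with "-", "~" or "?" (and include/a/mx/all) are ignored here.
        name, _, value = term.lstrip("+").partition(":")
        if name.lower() in ("ip4", "ip6") and value:
            try:
                nets.append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                continue                     # malformed entry: never match on it
    return nets

def spf_check(domain, sender_ip, txt_lookup=SAMPLE_TXT.get):
    """Map a connecting IP address to Pass, Fail or Not available."""
    answers = txt_lookup(domain)
    if answers is None:                      # timeout or failed lookup
        return "Not available"
    records = [r for r in answers if r.lower().split()[:1] == ["v=spf1"]]
    if not records:                          # domain publishes no SPF record
        return "Not available"
    ip = ipaddress.ip_address(sender_ip)
    for record in records:
        if any(ip.version == n.version and ip in n for n in spf_networks(record)):
            return "Pass"
    return "Fail"

if __name__ == "__main__":
    for dom, addr in [("example.com", "192.0.2.25"),
                      ("example.com", "198.51.100.7"),
                      ("nospf.example", "192.0.2.25"),
                      ("slow.example", "192.0.2.25")]:
        print(dom, addr, spf_check(dom, addr))
```

A timeout and a missing record both return Not available, so a rule that rejects only on Fail does not reject mail from these domains.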
DKIM is used by organizations to prevent email message spoofing by adding a digital signature to the headers of outgoing messages according to the DKIM standard. This involves using a private domain key to encrypt your domain's outgoing mail headers and adding a public version of the key to the domain's DNS records. ESET Mail Security can then retrieve the public key to decrypt incoming headers and verify that the message really comes from your domain and that its headers haven't been changed along the way.
DMARC is built on top of the two existing mechanisms, SPF and DKIM. You can use Mail Transport protection rules to evaluate the DMARC result and Apply DMARC policy action.
• Auto detect DNS servers - Uses the settings of your network adapter.
• DNS server IP address - If you want to use specific DNS servers for SPF and DKIM, enter the IP address (in IPv4 or IPv6 format) of the DNS server you want to use.
• DNS query timeout (seconds) - Specify the timeout for a DNS reply.
• Automatically reject messages if SPF check failed - If your SPF check results in an immediate fail, an email message can be rejected before it is downloaded.
• Use From: header if MAIL FROM is empty - The header MAIL FROM can be empty, and can also be easily spoofed. When this option is enabled and MAIL FROM is empty, the message is downloaded and the header From: is used instead.
• Automatically bypass Greylisting if SPF check passed - There is no reason to use Greylisting for a message if its SPF check result was Pass.
SMTP reject response - You can specify a Response code, Status code and Response message which define the SMTP temporary denial response sent to the SMTP server if a message is refused. You can enter a response message in the following format: