Secure Email: SPF/STARTTLS, DANE/DMARC and DKIM


This post is over 5 years old, it may be out of date.

Recently, C&CZ worked on DNS based techniques that can be used to fight spam, phishing and eavesdropping of mail. Of the list of mandatory open standards of the [https://www.forumstandaardisatie.nl/open-standaarden/lijst/verplicht?f%5B0%5D=field_keywords%3A68 Pas-Toe-of-Leg-Uit] list w.r.t. email, C&CZ implemented SPF a while ago. Because strict implementation [https://en.wikipedia.org/wiki/Sender_Policy_Framework#FAIL_and_forwarding breaks simple/automatic forwarding], SPF has not been implemented in a strict manner. Also STARTTLS for mail encryption has been implemented a while ago. Recently, we introduced [https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities DANE] and DMARC, which makes it possible to start with DKIM.