Skip to main content

Sender Authentication

📄️ SPF

SPF (Sender Policy Framework) is a simple email validation protocol designed to detect email spoofing. It is a security measure that is used to prevent unauthorized use of a domain name in email messages. SPF works by verifying that an incoming email message is coming from an IP address that is authorized by the domain owner. This is done by checking the message's source IP address against a list of authorized IP addresses that is published in the domain's SPF record in the DNS. If the source IP address of the email message is not listed in the domain's SPF record, the receiving email server can reject or flag the message as potentially fraudulent. This helps to reduce the risk of phishing and other types of email-based fraud and abuse.

📄️ ARC

Authenticated Received Chain (ARC) is a protocol for email authentication that is used to establish a chain of trust between email domains. It is designed to provide a way for email receivers to authenticate the domain of the sender of an email message, even if the message has been forwarded multiple times. The ARC protocol works by adding a new header to an email message that contains information about the authentication status of the message at each hop along its delivery path. This header is then used by email receivers to validate the authenticity of the message and determine if it is trustworthy. By using ARC, email receivers can have greater confidence in the authenticity of an email message, even if it has been forwarded multiple times or passed through multiple email servers.


DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that provides a mechanism for email receivers to determine if incoming messages are legitimate and were sent from authorized sources. It allows a sender's domain to publish a policy that specifies how email receivers should handle messages that fail SPF and/or DKIM authentication checks. The DMARC policy is stored in a specially-formatted TXT record in the domain's DNS records, and email receivers can use this information to decide whether to accept, reject, or flag an incoming message based on the results of SPF and DKIM checks. DMARC also provides a reporting mechanism that enables the sender to receive feedback on how their messages are being handled by email receivers. This feedback can be used to improve the accuracy and effectiveness of SPF and DKIM configurations, as well as monitor for potential abuse of the sender's domain.

📄️ Reverse IP

Reverse IP verification is a security mechanism used in SMTP to validate the authenticity of the connecting client's IP address. In reverse IP verification, the SMTP server performs a reverse lookup of the connecting client's IP address to see if it matches the hostname provided by the client in the EHLO or HELO command. If the reverse lookup does not match the hostname provided by the client, the SMTP server can reject the connection as a precaution against malicious actors attempting to disguise their IP address in order to send spam or perform other malicious activities. By enabling reverse IP verification in Stalwart SMTP, administrators can help ensure that incoming SMTP connections are legitimate and prevent the server from being used to send unwanted or harmful messages.

📄️ Report Analysis

Stalwart SMTP has the ability to automatically analyze incoming DMARC, DKIM, SPF, and TLS reports that are sent by other domains, which eliminates the need for manual intervention and saves time and effort for the system administrator. In case any TLS or message authentication issues are found, an event is recorded in the log file or sent to OpenTelemetry. By turning reports into actionable events, system administrators can quickly detect and respond to configuration errors and any instances of abuse, such as spam or phishing, which helps to maintain the integrity of the email system.