Email Validation

SPF
Sender Policy Framework (SPF) is a protocol that allows domain name owners to control which internet hosts are allowed to send email on their behalf.

This mechanism can be used to reduce the effect of email spoofing and to prevent outgoing spam messages.

An example in BIND DNS syntax:

    @                14400   IN   TXT   "v=spf1 a mx ip4:93.184.216.34 include:_spf.example.com ~all"

Where:
 * v      Defines the version of SPF used.
 * a      If the domain name has an address record (A or AAAA) that can be resolved to the sender's address, it will match.
 * mx     If the domain name has an MX record resolving to the sender's address, it will match.
 * ip4    If the sender is in a given IPv4 address range, it will match.
 * include References the policy of another domain. If that domain's policy passes, this mechanism passes. However, if the included policy fails, processing continues.
 * all    Matches always; used for a default result like -all for all IPs not matched by prior mechanisms.

Each of them can be combined with one of four qualifiers:
 * + for a PASS result. This can be omitted; e.g., +mx is the same as mx.
 * ? for a NEUTRAL result interpreted like NONE (no policy).
 * ~ for a SOFTFAIL result. Messages are accepted but tagged.
 * - for a FAIL result. The mail should be rejected.
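
The mechanisms and qualifiers above are evaluated left to right, and the first mechanism that matches decides the result. The following Python evaluator is an added example, not part of the original page. The zone name example.org, the contents of _spf.example.com, and the A/MX addresses are constructed, and a lookup table stands in for DNS so it runs offline.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "?": "neutral", "~": "softfail", "-": "fail"}

# Constructed stand-in for DNS (not real zone data); example.org is an assumed zone name.
FAKE_DNS = {
    "txt": {
        "example.org": "v=spf1 a mx ip4:93.184.216.34 include:_spf.example.com ~all",
        "_spf.example.com": "v=spf1 ip4:198.51.100.0/24 -all",
    },
    "a": {"example.org": ["203.0.113.10"]},
    "mx": {"example.org": ["203.0.113.25"]},  # addresses the MX hosts resolve to
}

def check_spf(sender_ip, domain, dns=FAKE_DNS, depth=0):
    """Return pass/neutral/softfail/fail/none/permerror for sender_ip under domain's policy."""
    record = dns["txt"].get(domain)
    if record is None:
        return "none"  # no policy published
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1" or depth > 10:
        return "permerror"  # wrong version tag, or include chain too deep
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # an omitted qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx"):
            hosts = dns[name].get(arg or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif name == "include":
            # Only a pass from the included policy counts as a match;
            # any other result lets processing continue with the next term.
            matched = check_spf(sender_ip, arg, dns, depth + 1) == "pass"
        else:
            continue  # simplification: terms outside the page's list are skipped
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" was present
```

A sender that matches nothing in example.org and hits -all inside the included policy still ends at the outer ~all, so the result is softfail rather than fail.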

DKIM
DomainKeys Identified Mail (DKIM) allows your server to verify incoming email and prevent incoming spam messages.

This feature ensures that incoming messages are unmodified and are genuinely from the indicated sender.

An example in BIND DNS syntax:

    _domainkey       14400   IN   TXT   "o=~"
    dkim._domainkey  14400   IN   TXT   "v=DKIM1; k=rsa; p=MIG...QAB; s=email"

Where:
 * o  is the outbound signing policy ('-' means that all e-mails from this domain are signed, '~' is the default and means that some e-mails from this domain are signed).
 * v  is the version.
 * k  is the signing algorithm (rsa is the default).
 * p  is the public key.
 * s  is a colon-separated list of service types to which this record applies.

DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a scalable mechanism by which a mail-originating organization can express domain-level policies and preferences for message validation, disposition, and reporting, that a mail-receiving organization can use to improve mail handling.

An example in BIND DNS syntax:

    _dmarc           14400   IN   TXT   "v=DMARC1;p=quarantine;sp=reject;pct=100;rua=mailto:me-d@dmarc.report-uri.com"

Where:
 * v  is the version.
 * p  is the policy for organizational domain (none, quarantine or reject).
 * sp is the policy for sub-domain (none, quarantine or reject).
 * pct is the percent of emails subjected to filtering (default is 100).
 * rua is the URI to send aggregate reports to.
 * ruf is the URI to send forensic reports to.
