Email Authentication: What you need to know

Wildbit

April 16, 2018

Transcript

  1. • Spend my days at Postmark onboarding new clients
     • Work out of our headquarters here in Philadelphia
     • Big fan of the great outdoors
     • Newly minted private pilot
     • Music and coffee aficionado.
     • I spend my days at Postmark troubleshooting technical problems for our customers
     • Work remotely from the Pacific Northwest.
     Marek Loder, Patrick Graham
  2. What is Postmark?
     A fast & reliable transactional-only email platform for web applications.
     Your customers expect application emails to arrive immediately, not eventually.
     Reaching the inbox isn’t enough
  3. What are you going to learn?
     1. What are the authentication methods and how do they work?
     2. Why are they important for you?
  4. Github’s SPF Record
     v=spf1 ip4:192.30.252.0/22 include:_spf.google.com include:mail.zendesk.com ~all
     • v=spf1: This is an SPF record
     • ip4:192.30.252.0/22: Defines an IP range
     • include:_spf.google.com include:mail.zendesk.com: Google and ZenDesk mail servers
     • ~all: Accept all mail. (Soft Fail)
  6. SPF Gotchas: Only use one SPF record
     TXT  v=spf1 include:_spf.google.com ~all
     TXT  v=spf1 include:mail.zendesk.com ~all
     TXT  v=spf1 include:_spf.google.com include:mail.zendesk.com ~all
  7. DKIM Private Key: Stored secretly by the sender
  8. DKIM Signature (SMTP header)
     DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wildbit.com; s=google;
       h=from:mime-version:date:message-id:subject:to:cc;
       bh=i/ep9kKrYpLMJ4OkXiiAVdd16bxlMgi4OcpDEQzV55U=;
       b=CgpzvIVR3mMRXmktyTXAUBFYM3MNgM77WrpGmSqy2Lyeq6aObuzcBCDgh0ZTkgw8lI A8kVodA4EpFOuc66GrJtLFBoy1MxWzUJP25WgAIPj0plbFObXlpJJKMDC0bEoXSnUZrB DVMEDhw8fyP73mgKKfGGzrfja2nE/kUv1WdfU=
  9. DMARC - SPF alignment gotcha
     SPF passing and DMARC SPF passing are not the same thing.
     DMARC SPF alignment requires that the From address domain matches the Return-Path domain.
  10. Email Authentication Methods
      • SPF: Domain-based way to say what IPs are allowed to send email for you.
      • DKIM: Message-based signatures to verify your email is unmodified.
      • DMARC: Domain-based way to tell receivers how to handle authentication failures for your domain.
  11. Unprecedented Troubleshooting
      • 45 days of email activity
      • Search all your messages
      • Detailed message events
      • Advanced filtering
  12. Customer support that’s human
      “Made the switch to @postmarkapp today. The customer service and delivery rates are awesome.” Samuel Goudie
      “Postmark has stellar customer service. I don't think I have ever waited more than a few minutes for a response to an email.” Christopher Dundy
      Ashley, Dana, Marek, Patrick
  13. Check out our free & open source tools at… postmarkapp.com/labs
      DMARC Reports MailMason SpamCheck StyleMerge MailBrush Templates Mustachio Webhooks MailHandler
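
The two gotchas from the slides (one SPF record per domain, and SPF passing versus DMARC SPF alignment) as a small Python lint. This is an added example, not code from the deck or from Postmark; the function names, the example.com and esp.example addresses, and the two-label organizational-domain shortcut are assumptions.

```python
from email.utils import parseaddr

# The two separate TXT records shown on the "SPF Gotchas" slide.
SPLIT_RECORDS = ["v=spf1 include:_spf.google.com ~all",
                 "v=spf1 include:mail.zendesk.com ~all"]
# Constructed sample: From header and Return-Path of a message sent via a provider.
SAMPLE = ("App <no-reply@example.com>", "<bounce@mail.esp.example>")

def spf_records(txt_records):
    """TXT strings whose first term is the SPF version tag."""
    return [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]

def spf_lookup_status(txt_records):
    """RFC 7208 record selection: more than one SPF record is a permerror."""
    count = len(spf_records(txt_records))
    return "none" if count == 0 else "ok" if count == 1 else "permerror"

def merge_spf(txt_records):
    """Fold several records into one, keeping term order and a single 'all'.
    Simplification: the last 'all' qualifier wins; modifiers are not handled."""
    terms, all_term = [], None
    for record in spf_records(txt_records):
        for term in record.split()[1:]:
            if term.lstrip("+-~?").lower() == "all":
                all_term = term
            elif term not in terms:
                terms.append(term)
    return " ".join(["v=spf1", *terms] + ([all_term] if all_term else []))

def domain_of(address):
    """Lower-cased domain of 'Name <user@host>' or a bare address."""
    return parseaddr(address)[1].rpartition("@")[2].lower().rstrip(".")

def org_domain(domain):
    """ASSUMPTION: last two labels; real receivers use the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])

def spf_aligned(header_from, return_path, strict=False):
    """Strict: identical domains. Relaxed: same organizational domain."""
    from_dom, rp_dom = domain_of(header_from), domain_of(return_path)
    if not from_dom or not rp_dom:
        return False
    if strict:
        return from_dom == rp_dom
    return org_domain(from_dom) == org_domain(rp_dom)

def dmarc_spf(spf_result, header_from, return_path, strict=False):
    """SPF counts toward DMARC only if it passed and the domains align."""
    ok = spf_result == "pass" and spf_aligned(header_from, return_path, strict)
    return "pass" if ok else "fail"
```

With `SAMPLE`, an SPF `pass` on the provider's bounce domain still yields `fail` from `dmarc_spf`, which is the alignment gotcha; `merge_spf(SPLIT_RECORDS)` reproduces the single combined record from the slide.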