Rule n° 217 - The email domain is authenticated

Emails sent to users are crucial to the quality of online experiences. It is therefore important to ensure that they arrive safely, do not end up in spam folders, and that the email servers associated with the website or application are considered trustworthy throughout the entire email transmission and reception chain. To achieve this, it is essential to authenticate the email domain correctly.

#Development #Security

Goal

  • Protect users from fraudulent or spoofed emails,
  • Improve the deliverability of legitimate emails (newsletters, confirmations, alerts),
  • Strengthen the reputation and reliability of the sending domain,
  • Reduce the risk of emails being classified as spam,
  • Comply with the requirements of major email providers,
  • Monitor emails sent with the domain name.

Implementation

For each domain used to send emails:
  • SPF: Add a TXT record to the domain's DNS listing the servers authorized to send emails for that domain.
  • DKIM: Configure cryptographic signing of outgoing emails with a private key, and publish the corresponding public key in the domain's DNS.
  • DMARC: Define a policy (none, quarantine, reject) and specify the address to which reports are sent, via a DNS record.

Control

For each domain used to send emails:
  • Use DNS configuration testing tools (e.g., https://mxtoolbox.com, https://dmarcian.com),
  • Check that SPF, DKIM, and DMARC records are present and correctly configured,
  • Analyze the headers of received emails to confirm that signatures are being applied correctly,
  • Ensure that the policies defined (particularly DMARC) are consistent with the site's sending practices.
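The following script is an added example, not code from Opquast or from this rule: it applies the Implementation and Control steps above to a set of constructed DNS TXT records. The domain (example.com), the DKIM selector ("mail") and the record values are all assumptions embedded inline so that the checks run offline; in practice the same functions would be fed the TXT strings returned by a DNS lookup for the three names. The hardened zone passes every check, while the weak zone shows what the control step should flag: an SPF record ending in "+all", a missing DKIM key, a DMARC policy of "none" and no reporting address.

```python
"""Offline check of SPF, DKIM and DMARC TXT records for a sending domain.

The zones below are constructed sample data for a hypothetical domain;
keys are the DNS names that would be queried, values the TXT strings.
"""

# Assumed hardened configuration: SPF ends with -all, DKIM key published
# under the "mail" selector, DMARC enforces reject and receives reports.
SAMPLE_ZONE = {
    "example.com": [
        "v=spf1 include:_spf.example-mailer.test ip4:192.0.2.10 -all",
    ],
    "mail._domainkey.example.com": [
        "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA" + "A" * 40,
    ],
    "_dmarc.example.com": [
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; pct=100",
    ],
}

# Same domain with the weak settings a reviewer should flag: SPF that
# permits any sender, no DKIM key, and a DMARC policy that only monitors.
WEAK_ZONE = {
    "example.com": ["v=spf1 include:_spf.example-mailer.test +all"],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM/DMARC) into a dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(zone, domain):
    """Presence of exactly one v=spf1 record and a restrictive 'all' term."""
    findings = []
    records = [r for r in zone.get(domain, []) if r.lower().startswith("v=spf1")]
    if not records:
        return ["SPF: no v=spf1 record published"]
    if len(records) > 1:
        findings.append("SPF: more than one v=spf1 record (receivers treat this as a permanent error)")
    last = records[0].split()[-1].lower()
    if last in ("+all", "all", "?all"):
        findings.append(f"SPF: '{last}' lets any host send for the domain")
    elif last not in ("-all", "~all"):
        findings.append("SPF: record does not end with an 'all' mechanism")
    return findings


def check_dkim(zone, domain, selector):
    """Public key must be published at <selector>._domainkey.<domain>."""
    name = f"{selector}._domainkey.{domain}"
    records = zone.get(name, [])
    if not records:
        return [f"DKIM: no key published at {name}"]
    tags = parse_tags(records[0])
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional and defaults to DKIM1
        findings.append("DKIM: unexpected version tag")
    if not tags.get("p"):
        findings.append("DKIM: empty p= tag (key revoked or misconfigured)")
    return findings


def check_dmarc(zone, domain):
    """Policy must be present and enforcing, and reports must go somewhere."""
    records = zone.get(f"_dmarc.{domain}", [])
    if not records:
        return ["DMARC: no _dmarc record published"]
    tags = parse_tags(records[0])
    findings = []
    if tags.get("v") != "DMARC1":
        findings.append("DMARC: record must start with v=DMARC1")
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= policy")
    elif policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so aggregate reports are never received")
    return findings


def audit(zone, domain, dkim_selector="mail"):
    """Return the list of findings; an empty list means all checks passed."""
    return (check_spf(zone, domain)
            + check_dkim(zone, domain, dkim_selector)
            + check_dmarc(zone, domain))


if __name__ == "__main__":
    for label, zone in (("hardened", SAMPLE_ZONE), ("weak", WEAK_ZONE)):
        print(label, audit(zone, "example.com") or ["OK"])
```

The DKIM check needs the selector because the key is not discoverable from the domain alone; it comes from the `s=` tag of the DKIM-Signature header of a received message, which is the header analysis the Control step asks for.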

By Opquast - Read the license


Discover Opquast training and certification

The objective of these rules and the Opquast community mission is ‘making the web better’ for your customers and for everyone! Opquast rules cover the key major areas of risk that can negatively affect website users such as privacy, ecodesign, accessibility and security.

Opquast training has already allowed over 19,000 web professionals to have their skills certified. Train your teams: contact us.

We offer a 1 hour free discovery module.