Here is a glossary of terms that you may come across when you are setting up your email configuration, learning more about email security, or using OnDMARC.
The IP address of the originating server.
The domain name given in the EHLO command MUST be either a primary host name (a domain name that resolves to an address resource record (RR)) or, if the host has no name, an address literal.
A PTR record is a DNS record that resolves an IP address to a domain name. It does the opposite of what an A record does.
An A record resolves a domain name to an IP address. It does the opposite of what the PTR record does.
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It’s an outbound email security protocol that protects domains against exact impersonation.
OnDMARC simplifies the complexities of DMARC by automating processes and providing clear instructions on how to block unauthorized use of your domain.
Being DMARC compliant means that your domain is in either a policy of quarantine (p=quarantine) or reject (p=reject).
SPF stands for Sender Policy Framework. It was developed to combat sender address forgery. It is an authentication protocol which verifies the Return-Path/MAIL FROM or HELO/EHLO identities during email transmission.
TXT record is a type of a DNS recourse record (RR) used to associate an arbitrary text with a host.
DKIM stands for DomainKeys Identified Mail and it is a protocol which helps organizations claim responsibility for an email. It provides a method for validating a domain name associated with an email through the use of cryptography.
DKIM Signing Domain
This is the domain name identity that has signed the email with its cryptographic signature.
The selector is an arbitrary string travelling along with each DKIM signed email which helps the recipient to find the public key in your DNS and validate the DKIM signature.
Canonicalization is a method used by the sender to normalize or standardize the email header and body before signing it with DKIM. Two canonicalization algorithms exist "relaxed" and "simple" for each header and body. The "simple" algorithm tolerates almost no modification and the "relaxed" algorithm tolerates common modifications such as whitespace replacement and header field line rewrapping.
DKIM Signed Headers
This is a complete and ordered list of header fields presented to the signing algorithm.
This contains the DKIM signature data of the email.
DKIM signing domain
This is the domain name identity which DKIM signed the email.
DKIM Key Length
This is the size of the DKIM key being used when signing the email. Longer keys are considered stronger and more secure.
TTL or time to live is a mechanism that limits the lifespan or lifetime of data in a computer or network
This email header displays who the message is from. This is the visible domain shown in your mail client.
The email header used to indicate where bounces should be sent in case an email cannot be delivered.
Depending on the mail provider receiving the email an SPF check is either done on this email header first or the EHLO or both.
The p= is a DMARC tag which specifies the policy used. Examples include:
p=none - means no policy will be applied to emails that fail DMARC
p=quarantine - means quarantine emails that fail DMARC
p=reject - means reject emails that fail DMARC.
The pct= is a DMARC tag which specifies to what percentage of emails the policy should be applied to. If this tag is absent then 100% of the emails will have the policy applied. Other examples:
p=reject; pct=20 means that the specified policy will apply to 20% of the emails, the remaining 80% will have the policy of quarantine applied as this is the next policy down.
p=quarantine; pct=50 means that the specified policy will apply to 50% of the emails, the remaining 50% will have the policy of none applied as this is the next policy down.
p=none; pct=100 means that the specified policy will apply to 100% of the emails.
The rua= is a DMARC tag which tells the recipient where to send the DMARC aggregate reports to.
The rua= is a DMARC tag which tells the recipient where to send the DMARC forensic reports to.
SPF uses the Return-Path/MAIL-FROM domain of emails in order to look up the SPF record of the email sender.
The sp= is a DMARC tag which specifies the subdomain policy used.
adkim= is a DMARC tag which specifies whether strict or relaxed DKIM alignment mode is required by the Domain Owner.
aspf= is a DMARC tag which specifies whether strict or relaxed SPF alignment mode is required by the Domain Owner.
Score from 0 to 100 given to a sender. A score below 20 means it is a suspicious address, a score between 20 and 70 is from an average sender, and only really trustworthy senders get a score over 70.
Validity offers allowlists as a positive reputation signal to assist you with quickly identifying the best mailers and making informed decisions on message handling.
The Validity Blocklist (RPBL) is a real-time list of IP addresses categorized as the “worst of the worst”, based on reputation and other data we receive from our partners.
The value is a combination of the following factors:
botnet = IP addresses observed exhibiting botnet characteristics in message transmission
noauth= IP addresses transmitting messages lacking/failing SPF and DKIM authentication, and with poor Sender Score reputation
pristine = IP addresses with messages hitting pristine traps
suspect_attach = IP addresses observed transmitting messages with suspicious attachments
If you're interested in learning more about a cybersecurity solution that takes the complexity out of email security, click the link below.