Security of SPF vs SPF and DKIM in email

Question

I am looking for an email provider that I will use with custom domain, one provider is cheaper but has only SPF while the other is more expensive but uses both SPF and DKIM and I'm not sure if paying more is worth it if the other factors are similar. I read about SPF and DKIM and I have some questions about them and also some about email security in general.

1. What benefit would DKIM provide if SPF is already used?

2. Is it correct to say that SPF ensures that the server from which the email claim to originate is the one from which it in fact originated and DKIM ensures that the content of the email message hasn't been modified?

3. If it's correct that DKIM protects the message from being tampered with, then from whom does it protect exactly? Who can alter the content of the email while in transit, what are the common attack vectors? Can there be a malicious "node" that relays the email but modifies its content?

4. Would it be possible for an attacker to make a server that relays emails and then snoop on them or modify the content, just like anybody can make a malicious Tor node?

5. If the email provider I use supports sending emails over SSL and I want to send an email to my friend who uses Gmail (which also supports SSL), does my message travels the whole path encrypted? Does it mean that the message is encrypted with a public key belonging to Gmail and no server which relays the message will ever see it unencrypted?

6. Let's assume that I use SPF. An attacker attempts to sends an email that appears to come from me. Where is this email relayed to (is this something called MTA)? Does it work like a node that forwards information to further nodes? If the attacker controls the first "node", can't he report to the nodes that it forwards to, that the message passes SPF when it does not and the nodes that get forwarded the message would believe it?

Answer 1

What benefit would DKIM provide if SPF is already used?

If a domain has SPF configured the receiving mail server can check if the claimed sender of the mail according to the SMTP dialog (i.e. MAIL FROM) is allowed to send mail from this IP address. This helps against sender spoofing only a bit since only the sender based on the SMTP dialog is checked but not the From header of the mail. But mail clients usually care only about the latter one.

With DKIM the outgoing mail server signs a mail and this signature can also be checked by the sender, i.e. not only by the receiving SMTP server. This signature might include the whole body but might also be include only part of the body. And while the From header is part of this signature it does not mean that the From header must be from the signers domain which means spoofing is still possible.

Spoofing of From is only addressed by configuring a DMARC policy which requires that the domain in the From header is either protected by SPF or DKIM and which specifies a policy when the requirement is not met.

Is it correct to say that SPF ensures that the server from which the email claim to originate is the one from which it in fact originated and DKIM ensures that the content of the email message hasn't been modified?

E-mails don't claim to be from a specific server but from a specific domain. And like I said both SPF and DKIM alone don't protect against spoofing the From header. And DKIM only protects part of the mail against modification: usually it protects the full body but might be configured to allow extending the body. And it only protects some headers but not all.

If it's correct that DKIM protects the message from being tampered with, then from whom does it protect exactly? Who can alter the content of the email while in transit, what are the common attack vectors? Can there be a malicious "node" that relays the email but modifies its content?

Mail is delivered hop by hop and even if it is encrypted with TLS this only is relevant between the hops. So there are many parties involved which have access to the unprotected mail and could modify it.

Would it be possible for an attacker to make a server that relays emails and then snoop on them or modify the content, just like anybody can make a malicious Tor node?

If the attacker can spoof DNS MX records which specify how a mail gets delivered or if the attacker can intercept the mail on unprotected transport or at one of the hops the attacker can modify it. But the attacker cannot simply put a server on the internet and declare it to be the responsible server for the domain, he must other parties convince that they send the mail through this server (i.e. spoofing DNS MX record).

If the email provider I use supports sending emails over SSL and I want to send an email to my friend who uses Gmail (which also supports SSL), does my message travels the whole path encrypted? Does it mean that the message is encrypted with a public key belonging to Gmail and no server which relays the message will ever see it unencrypted?

The messages travels encrypted from your mail client to the mail server of your provider, is decrypted there, modified (Received header added, maybe DKIM header) and the re-encrypted again to transport it to the next hop which might be google already or might be another upstream mail server.

Let's assume that I use SPF. An attacker attempts to sends an email that appears to come from me. Where is this email relayed to (is this something called MTA)? Does it work like a node that forwards information to further nodes? If the attacker controls the first "node", can't he report to the nodes that it forwards to, that the message passes SPF when it does not and the nodes that get forwarded the message would believe it?

While the attacker can add a Received-SPF header to the mail and thus claim the it did check for SPF a mail server (MTA) on the edge between internet and intranet receiving this mail might check again from which IP address the mail really comes, i.e. it will not trust the Received-SPF header. This header is mainly used by spam checkers which want to incorporate the result of the SPF test into their reputation check but don't run at the mail server and thus don't have access to the original IP of the sender.

Answer 2

In a nutshell, the difference between SPF and DKIM is simple: SPF uses path-based authentication while DKIM uses an identity-based authentication.

SPF uses DNS to publish a record of all mail transfer authorities (MTA) authorized to send mail on behalf of the domain. Recipient MTAs then query DNS for the SPF record and reconcile the list of approved IP addresses against the path the message actually took. SPF syntax dictates how mail is handled if the IP addresses don't match. For instance, -all means mail is either rejected entirely. ~all means mail is marked but still permitted through.

SPF has its limitations. It can be cumbersome to deploy completely (large organizations can find it difficult to track down every MTA they use) which may lead to a more passive SPF policy to prevent legitimate mail from being snagged by filters. This can increase the prevalence of phishing.

DKIM uses asymmetric cryptography to digitally sign a message. A domain has a public/private keypair. DKIM will take a hash of several fields of an email, including To:, From:, Date:, etc. This hash is then signed with the private key of the domain in question and placed in the DKIM header. The domain public key is published in DNS and used to verify the authenticity of the email.

DKIM doesn't protect against forging theFrom: field directly but it does ensure that an email truly came from the domain in question. For instance, DKIM can guarantee an email came from the domain foo-bar.com but it can't necessarily guarantee from whom within that domain sent the message, since the domain as a whole uses one keypair, not individual senders.

Answer 3

SPF and DKIM protect two different parts of email email security and both have their positives and negatives.

SPF - verifies that the server the mail was recieved from should be sending email from the domain in the envelope from. It's easily broken by forwarding e-mail or proxying e-mail.

DKIM verifies that the headers included in the DKIM signature havent changed, which include the message from header. Additionally with its Public-Private key pairs it enables no-repudiation (i.e. this definitley came from source domain.) It can be broken by using minimal headers or using short keys.

SPF and DKIM Tests are carried out by the destination server independent of any tests upstream. Combine both with DMARC and you close the loop, it checks that the domains from SPF and DKIM match the from:address, it sends you reports on your mail results, and allows you to recommend actions based on the result.

So basically DKIM gives a lot more assurance that SPF and ideally you want to confirm email authenticity you should do both and layer DMARC over the top.

---

on encryption it comes down to two different implementations providing you connect to the server over TLS:

STARTTLS(Opertunistic) - basically the mail server will establish a SMTP connection and check if it supports TLS then if it does upgrade to a secure the connection, if it doesn't it can depending on config either refuse the connection or transmit in the clear.

TLS(Explicit) the mail server will attempt to establish a TLS connection with the remote server if it does not support the right ciphers or TLSversions, the connection will fail.

then you rely on the reciever to connect to the server over TLS.

Providing a secure connection is established, this leaves the message vulnerable at only two points: Transiting both Mail Servers, between the Server-client and server-server connections. The only way to protect this is to use End-To-End Encryption (PGP, S/MIME,etc.) to encrypt the body before the SMTP servers see it.