What is DNS?
It’s possible that you have never heard of DNS, but it’s what makes the internet as we know it possible. DNS stands for Domain Name System. It was developed in the 1980s as the internet was taking shape, and it is integral to your daily use of the internet today.
DNS is basically a map to every domain on the internet. It tells your computer where to look when you type a web address into your browser. Computers don’t think in web addresses and domain names; they need IP addresses to find websites. So every domain has an authoritative nameserver that keeps track of the IP address where the domain can be found and broadcasts that information to the entire internet. In order to find the IP address for the website you want to visit, your computer (through a series of steps) contacts the nameserver for that domain and gets the IP address. Then your browser can load the website by going to that IP address.
DNS and Email Authentication
So, what does DNS have to do with email authentication? In order to use protocols like SPF, DKIM, and DMARC, you need to set up policies relating to each of them for your domain. But once you create these policies, how will the rest of the internet know where to find them? Through DNS! Using the same process for finding an IP address described above, ISPs can find the SPF record, public DKIM keys, and DMARC policy that you set up. From there, the ISP will use those policies to authenticate the email.
Here’s an example of how it works: You publish an SPF record, public DKIM keys, and a DMARC policy to your DNS so that the rest of the internet can find them. Then you send email from [email protected]. That’s all you have to do! The rest of the process is automatically checked and verified by servers during email authentication. The recipients of your emails can be secure in the knowledge that the message really came from your domain and not from an impostor.
There are a few things that can make it a little more complicated. ISP and browser caching, varying TTLs (time to live) on requests, and TLD (top level domain) nameservers are all factors that can mix in with the process shown above. However, the basic function is the same no matter how it is applied. DNS solves the problem of organizing and locating an ever-increasing number of domains.
The Importance of DNS
But here’s where it gets tricky (and really important): It is critical that these policies can be located using DNS. Otherwise, the ISPs can’t enforce your policies. If you set up DNS incorrectly, it’s like publishing an inaccurate address for your business. No one will be able to find you because they won’t know where to look. Fraudmarc can help with this by becoming the authoritative nameserver for your domain’s email authentication policies. This will ensure that ISPs can locate your policies using DNS and enforce them so that your domain is protected.
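The lookups described under "DNS and Email Authentication", and the failure mode above where a policy cannot be located, as an added example that is not part of the original article or Fraudmarc's code. The zone dictionaries stand in for DNS TXT answers and are constructed; `example.com`, the DKIM selector `s1` (in real mail it comes from the message's DKIM-Signature header), and the function names are assumptions.

```python
# Constructed TXT data standing in for DNS answers (example.com is a placeholder).
GOOD_ZONE = {
    "example.com": ["site-verification=abc123", "v=spf1 include:_spf.example.net -all"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p=BASE64PUBLICKEYPLACEHOLDER"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}
# Same policies published incorrectly: two SPF records, an emptied DKIM key,
# and the DMARC policy placed at the bare domain instead of _dmarc.<domain>.
BROKEN_ZONE = {
    "example.com": ["v=spf1 mx -all", "v=spf1 include:_spf.example.net -all",
                    "v=DMARC1; p=reject"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p="],
}

def lookup_names(domain, selector):
    """Names a receiving server queries for TXT records, per mechanism."""
    return {"spf": domain,
            "dkim": f"{selector}._domainkey.{domain}",
            "dmarc": f"_dmarc.{domain}"}

def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_policies(zone, domain, selector):
    """Report what a receiver would find for each mechanism."""
    names = lookup_names(domain.lower(), selector.lower())
    txt = {mech: zone.get(name, []) for mech, name in names.items()}
    out = {}
    # SPF: exactly one record whose first term is v=spf1; more than one is an error.
    spf = [r for r in txt["spf"] if r.lower().split(" ")[0] == "v=spf1"]
    out["spf"] = "ok" if len(spf) == 1 else ("missing" if not spf else "multiple records")
    # DKIM: the key record needs a p= tag; an empty p= means the key is revoked.
    keys = [parse_tags(r) for r in txt["dkim"] if "p" in parse_tags(r)]
    out["dkim"] = "missing" if not keys else ("ok" if keys[0]["p"] else "key revoked")
    # DMARC: record must start with v=DMARC1 and carry a valid p= policy.
    dmarc = [parse_tags(r) for r in txt["dmarc"] if r.replace(" ", "").startswith("v=DMARC1")]
    valid = dmarc and dmarc[0].get("p", "").lower() in ("none", "quarantine", "reject")
    out["dmarc"] = "ok" if valid else ("missing" if not dmarc else "invalid policy")
    return out

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("broken", BROKEN_ZONE)):
        print(label, check_policies(zone, "example.com", "s1"))
```

The check covers only the exact names shown; a receiver's fallback to the organizational domain for DMARC is left out.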