In recent years, email security has become a key priority for businesses and users. Phishing attacks and online fraud are becoming increasingly sophisticated, making the implementation of robust security measures essential. In this context, the use of SMTP authentication along with SPF, DKIM and DMARC emerges as a powerful ally in protecting email communications.
SMTP Authentication: Fundamental to Secure Communication.
Simple Mail Transfer Protocol (SMTP) authentication is a key practice for ensuring that emails are sent from legitimate senders. Without proper authentication, emails become vulnerable to spoofing attacks, in which an attacker can pretend to be a legitimate sender.
SPF (Sender Policy Framework): Validation of Authorized IP Addresses.
The implementation of SPF is crucial to ensure that only authorized email servers are allowed to send messages on behalf of a specific domain. This authentication mechanism verifies that the sending server’s IP address is included in the list of authorized IP addresses for that domain. Find out how to configure SPF.
DKIM (DomainKeys Identified Mail): Digital Signature for Emails.
DKIM adds a layer of security to emails through the addition of a digital signature to the message. This signature allows the recipient to verify that the message has not been altered in transit and that it came from a legitimate sender. Find out how to configure DKIM.
DMARC (Domain-based Message Authentication, Reporting, and Conformance): Complete Control over Authentication.
DMARC combines SPF and DKIM, offering more complete control over email security. It allows you to specify how recipients should handle unauthenticated emails and provides detailed reports on the use of SPF and DKIM. Find out how to configure DMARC.
Hierarchy of controls
It is important to point out that these three controls are hierarchical. So you need to make sure that first you have the SPF record set up correctly. Then the DKIM record. And finally the DMARC record. In that exact order. To avoid unwanted results.
Web-based email sending
Today, email sending involves not only users of traditional email clients, but also involves Web sites and applications. Many Web platforms allow users to register, receive notifications, or communicate through email messages. It is critical that these communications are also adequately protected. Implementing SPF, DKIM and DMARC therefore also becomes crucial for emails sent through the Web. Applications and websites must authenticate properly to ensure that emails sent are considered legitimate by recipients’ mail servers. This greatly reduces the chances of misclassification as spam or being the target of phishing attacks. In order for Web-sent emails to also benefit from SPF, DKIM and DMARC, you need to make sure that they are sent via smtp relay. You can use one of your domain’s mailboxes to perform send authentication. All of our mail accounts benefit from sending 300 mails per day by default. If you feel you need a higher limit, please contact us to study together a congenial solution for your usage.
Code Examples for Implementing SMTP Authentication with PHPMailer
Below we show you how you can use the popular PHPMailer class with one of our mail accounts to send authenticated mails.
<?php
/**
* This example shows settings to use when sending
* over SMTP with TLS and custom connection options.
*/
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
date_default_timezone_set('Etc/UTC');
require '../vendor/autoload.php';
$mail = new PHPMailer();
$mail->isSMTP();
$mail->SMTPDebug = SMTP::DEBUG_CONNECTION;
$mail->Host = 'smtp.example.com';
$mail->Port = 465;
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
$mail->SMTPAuth = true;
$mail->Username = 'username@example.com';
$mail->Password = 'yourpassword';
$mail->setFrom('from@example.com', 'First Last');
$mail->addAddress('whoto@example.com', 'John Doe');
$mail->Subject = 'PHPMailer SMTP options test';
$mail->msgHTML(file_get_contents('contents.html'), __DIR__);
if (!$mail->send()) {
echo 'Mailer Error: ' . $mail->ErrorInfo;
} else {
echo 'Message sent!';
}
Using WP Mail SMTP in WordPress.
If your site is based on WordPress, you can take advantage of the WP Mail SMTP plugin to ensure SMTP authentication:
Installing WP Mail SMTP:
- Log in to your WordPress admin panel.
- Go to “Plugins” and click on “Add New.”
- Search for “WP Mail SMTP” and install the plugin.
- Activate the plugin.
WP Mail SMTP configuration:
- Go to “Settings” -> “Email” in your WordPress admin panel.
- Configure the SMTP settings with the details of your email server.
- Enable SMTP authentication, set SPF, DKIM and DMARC as needed.
In this way, the WP Mail SMTP plugin will ensure that emails sent from your WordPress site are authenticated and security compliant.
Conclusion: Investing in Email Security is a Good Idea
Implementing SMTP authentication along with SPF, DKIM and DMARC is essential to ensure email security. Sending messages without these security measures is risky and can compromise your domain’s reputation.
Maintaining secure online communications should be a priority for everyone. Investing in these authentication practices is an important step toward protecting data and building trust between senders and recipients.
