Enhanced Email Intelligence: Introducing SPF and DMARC Authentication Checks

At Castle, we strive to provide and enhance tools that are useful for maintaining your app's security. To improve our Email Intelligence, we now run checks on new properties that are often configured on trusted domains:

  • Sender Policy Framework (SPF): This allows a domain to list all the servers that are authorized to send emails on its behalf. Think of it as a publicly available directory that helps confirm whether an email was sent from the correct server.
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC): This policy instructs the receiving server on what to do if an email fails SPF or DKIM (DomainKeys Identified Mail) validation.

When investigating user behavior, the domain's SPF record can help understand if the domain is configured for secure email delivery and validation. This information adds a level of trust, indicating that the domain owner is likely to have good intentions and aims to prevent abusive behavior.

Email section in Event details with SPF and DMARC records

SPF and DMARC entries in the Email section of an event