SPF (Sender Policy Framework)

Sender Policy Framework (SPF) is an email authentication protocol that verifies if an email is from an authorized server for a specific domain:

How it works

When receiving an email, the mail server checks the domain's IP address against the authorized servers listed in the SPF record. If the email is from an authorized server, it passes SPF authentication and is delivered. If the email is from an unauthorized server, it fails SPF authentication and is rejected or sent to spam.

Benefits

SPF helps protect domains from being misused by malicious actors who send spam or phishing emails. It also improves a domain's reputation and email deliverability.

Implementation

Domain owners publish an SPF record in the DNS for each domain or host with an A or MX record. SPF records are TXT files that can't exceed 10 tags or 255 characters.

SMTP: The Essential Protocol for Email Delivery

 SMTP (Simple Mail Transfer Protocol)

SMTP, or Simple Mail Transfer Protocol, is an Internet standard communication protocol for sending and receiving email messages. It defines how email is transmitted between servers and from email clients to servers.

Here’s a quick overview of how SMTP works:

• Email Client to Server: When you send an email, your email client (like Outlook or Gmail) connects to an SMTP server.
• Server to Server: The SMTP server then communicates with the recipient’s email server to deliver the message.
• Email Retrieval: While SMTP is used for sending emails, protocols like IMAP or POP3 retrieve them from the server and send them to your inbox.

SMTP typically uses port 25 for server-to-server communication and port 587 (SMTPS) for client-to-server communication.

POP3 Explained: How It Works and Its Limitations

 POP3 (Post Office Protocol 3)

Post Office Protocol 3 (POP3) is an email retrieval protocol that downloads emails from a server to a user's device. POP3 is an older protocol that was designed for use on a single computer, and it has some limitations compared to more modern protocols:

One-way synchronization

POP3 only allows users to download emails from a server to a client, not vice versa.

No previewing

POP3 doesn't allow users to preview, search, delete, or organize emails on the server.

No synchronization between devices

Users must manually create or set folders and settings on each device.

No real-time synchronization

POP3 lacks real-time synchronization between the email server and the client.

POP3 is configured to listen on port 110 for plain-text transmission and port 995 for encrypted communication via SSL/TLS.

POP3 is losing popularity as people use multiple devices to access their email. Internet Message Access Protocol (IMAP) is a better option for users who access their email from various devices, as it stores emails on the mail server.

2-Step verification

 2-Step Verification or Out-of-Band

This process is completed by generating a software token on a server and sending it to a user. The token can be sent via:

SMS (Short Message Service): The code is sent to a registered phone number

Email: The code is emailed to a registered email account

Push Notification: The code is sent to an authenticator app on a smartphone or PC. This is seamless. The user does not have to enter the code; just tap the notification. 

Phone call: The code is sent as an automated phone call (voice) to a registered phone number