Email Authentication

Overview

Email authentication helps validate who is sending emails and helps to reduce the effectiveness of two types of malicious attacks:

Oracle CPQ supports the Sender Policy Framework (SPF) and the Domain Keys Identified Mail (DKIM) authentication protocols.

ClosedSender Policy Framework (SPF)

SPF is an open standard for preventing sender address forgery. Senders publish a record in the Domain Name System (DNS). The SPF record consists of a list of IP addresses that are authorized to send email for that domain. ISPs can then verify a sender by cross checking the domain in the From address against the registered DNS record. By declaring authorized IP addresses, companies can help prevent email address forgery.

ClosedDomain Keys Identified Mail (DKIM)

DKIM is a cryptographic signature-based method to authenticate email senders. With DKIM, email senders generate public and private key pairs. The public key is published to DNS records, and the matching private keys are stored in a sender's outbound email servers.

When emails are sent, the private keys generate message-specific signatures that are added to additional embedded email headers. ISPs that authenticate using DKIM look up the public key in the public DNS record. ISPs can then verify that the signature in the email header was generated by the matching private key.

This method ensures that an authorized sender actually sent the message and the message headers and content were not altered during transit. Most major ISPs, such as AOL, Gmail, Hotmail, and Yahoo! use DKIM authentication.

Administration

Log a service request on My Oracle Support to enable the SPF or DKIM authentication method.

Related Topics

Related Topics Link IconSee Also