RFC 5321 and RFC 5322

RFC 5321 RFC 5322 Letter Envelope 5321.MailFrom 5322.From

It’s important to have a basic understanding of RFC 5321 and RFC 5322 to fully understand DMARC, DKIM and SPF. These two RFC’s describe different types of sender information and they relate differently to DKIM and SPF.

Confused? Read on!

The Letter-Envelope Analogy

Emails can be roughly separated in two parts: The email message itself and some additional addressing information which is used to guide the message from the sender to the recipient. The email message standard is defined in RFC 5322 also known as IMF or Internet Message Format. The email addressing standard is defined in RFC 5321 also known as SMTP or Simple Mail Transport Protocol.

The “letter-envelope analogy” illustrates perfectly how these two RFC’s relate to the contents and delivery of emails:

RFC 5321 RFC 5322 Letter Envelope 5321.MailFrom 5322.From
Click to enlarge

Notice that the letter (the email message) and the envelope (the addressing information) both have recipient and sender information. The RFC 5322 sender/recipient information in the message is shown to the end user in the mail client (such as Outlook). The RFC 5321 sender/recipient information is used by mail routing servers to deliver email but is not normally shown to end users.

RFC 5321 and RFC 5322 in Action

Consider the following diagram to see more specifically how RFC 5321 and RFC 5322 relates to email delivery and the email message:

Click to enlarge

In steps 1 + 2 the sending and receiving mail servers verify that the receiving server is willing to receive the email message from the sending server. This communication is performed according to the RFC 5321 standard and includes the use of the RFC5321.MailFrom and RFC5321.RcptTo addresses.

In step 3 the mail message itself, including mail headers, is transferred to the receiving server. This takes place according to the RFC 5322 standard and includes the use of the RFC5322.From and RFC5322.To addresses.

SPF and DKIM Email Authentication

SPF and DKIM are both used to perform email authentication but they are securing different parts of the email:

  1. SPF authenticates the RFC5321.MailFrom address
  2. DKIM authenticates the RFC5322.From address

As SPF and DKIM provide different types of authentication you should implement both of them. DKIM is more complex than SPF but also offers better protection. To enhance your SPF and DKIM implementation make sure to configure DMARC. DMARC is highly recommended by pretty much all private and government security agencies around the world.

Read the articles on SPF and DKIM to fully understand how they perform authentication of the RFC5321.MailFrom and RFC5322.From addresses.