Dombox Layers

Sample SMTP Chat

mail.example.com Connecting to mail.domboxmail.com with its IP address
220 mail.domboxmail.com Dombox SMTP Service Ready
HELO mail.example.com
250 Hello, nice to meet you, mail.example.com
MAIL FROM:<john@example.com>
250 OK
RCPT TO:<example.com@giri123.domboxmail.com>
250 OK
DATA
354 End data with <CRLF>.<CRLF>
From: John Doe <john@example.com>
To: Giri <example.com@giri123.domboxmail.com>
Date: Fri, 01 January 2015 16:02:43 -0500
DKIM-Signature: s=selector123; d=example.com; ……….
Subject: Thanks for Signing Up
Thanks for signing up for Example.com.
Click <this link> to get started.
Regards,
John Doe
.
250 OK, message accepted for delivery: queued as 12345
QUIT
221 Bye
                

The Four Domains

Our system deals with the following 4 domains

Primary Subject

Technical Names

Encryption Layer

Checks whether the mail is encrypted.

Technical Name: Transport Layer Security (TLS)

Possible Results: Pass or Fail

Pass - Encrypted

Fail - Not Encrypted

Authorization Layer

Checks whether the "Sending IP / Client IP" is authorized to send mails for the "Envelope Domain".

Technical Name: Sender Policy Framework (SPF)

Possible Results: Pass or Neutral or Fail

Pass - Authorized

Neutral - Not Configured. So neither Authorized nor Unauthorized

Fail - Unauthorized

Note: SPF record will be fetched from the Envelope Domain

Alias Layer

Checks whether the "Envelope Domain" is an alias for the "Dombox Domain"

Technical Name: Sender Alias Domains (SAD)

Possible Results: Pass (FakePass, DirectPass, IndirectPass)

FakePass - Alias Layer applicable only for "Domboxes". So if the incoming mail is to the boxes found in "Mailboxes" group, then the result is set to "FakePass" for consistency {Refer "Mail Score"}.

DirectPass - When the "Envelope Domain" is the same as "Dombox Domain". In this case no need to check for SAD Record

IndirectPass - When the "Envelope Domain" is not the same as "Dombox Domain", but passed via SAD record.

If the Alias Layer result is "Fail", then the mail will be rejected. So the only possible result for "Alias Layer" is "Pass"

Note: SPF record will be fetched from the Dombox Domain

Authentication Layer

This layer checks whether the mail is properly authenticated i.e. digitally signed

Technical Name: DomainKeys Identified Mail (DKIM)

Possible Results: Pass or Neutral or Fail

Pass - Digitally Signed and Signature Verification Passed

Neutral - Digitally not Signed

Fail - Digitally Signed, but Signature Verification Failed

Note: The Signature verification requires a "Public Key". The public key will be fetched from the Signature Domain

Alignment Layer

Checks whether the domains are aligned

Technical Name: Domain-based Message Authentication, Reporting and Conformance (DMARC)

Possible Results: Pass or Neutral or Fail

Pass - Domains are aligned

Neutral - Domains are not aligned, but the "Message Domain" either has "No Objection" or no valid DMARC record found in the "Message Domain"

Fail - Domains are not aligned and the "Message Domain" has "Objection"

Note: The DMARC record will be fetched from the Message Domain

Possible Results

* Not Applicable for the boxes found in "Domboxes"

Layer Purpose

Each layer serves a different purpose