Dombox Layers
All incoming mails will be passed through these 5 layers.
Layer | Description |
---|---|
Encryption Layer | Checks whether the mail is encrypted. |
Authorization Layer | Checks whether the "Sending IP" is authorized to send mails for the "Envelope Domain" |
Alias Layer | Checks whether "Envelope Domain" is an alias for the "Dombox Domain" |
Authentication Layer | Checks whether the mail is properly authenticated i.e. digitally signed |
Alignment Layer | Checks whether the domains are aligned |
Sample SMTP Chat
The Four Domains
Our system deals with the following 4 domains:
Domain | Can be extracted from |
---|---|
Envelope Domain | MAIL FROM:<john@example.com> |
Dombox Domain | RCPT TO:<example.com@giri123.domboxmail.com> |
Message Domain | From: John Doe <john@example.com> |
Signature Domain | DKIM-Signature: s=selector123; d=example.com; ………. |
Primary Subject
Layer | Subject | Record Path |
---|---|---|
Encryption Layer | - | - |
Authorization Layer | Envelope Domain | envelopedomain.com |
Alias Layer | Dombox Domain | _sad.domboxdomain.com |
Authentication Layer | Signature Domain | selector._domainkey.signaturedomain.com |
Alignment Layer | Message Domain | _dmarc.messagedomain.com |
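The two tables above, worked through as an added example (not Dombox's own code): it extracts the four domains from one message and builds the record path each layer queries. The function names are hypothetical, the recipient is assumed to be a Dombox (so the local part of RCPT TO is a domain), and the inputs in the final lines are constructed from the samples on this page.

```python
import re
from email.utils import parseaddr

def _addr_domain(addr):
    """Domain part of an address, lower-cased; None if there is no '@'."""
    _, sep, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if sep and domain else None

def _path_addr(line):
    """Address inside the <...> of a MAIL FROM / RCPT TO command line."""
    m = re.search(r"<([^<>]*)>", line)
    return m.group(1).strip() if m else ""

def dkim_tags(value):
    """Parse the 'tag=value; tag=value' list of a DKIM-Signature header value."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def four_domains(mail_from, rcpt_to, from_value, dkim_value=None):
    """Return the four domains; the Dombox Domain is the local part of RCPT TO."""
    rcpt_local = _path_addr(rcpt_to).rpartition("@")[0].lower()
    tags = dkim_tags(dkim_value) if dkim_value else {}
    return {
        "envelope": _addr_domain(_path_addr(mail_from)),  # None for null sender <>
        "dombox": rcpt_local or None,
        "message": _addr_domain(parseaddr(from_value)[1]),
        "signature": tags.get("d", "").lower() or None,   # None if unsigned
        "selector": tags.get("s") or None,
    }

def record_paths(d):
    """DNS name each layer looks up, following the Primary Subject table."""
    dkim = None
    if d["signature"] and d["selector"]:
        dkim = f'{d["selector"]}._domainkey.{d["signature"]}'
    return {
        "Authorization": d["envelope"],
        "Alias": f'_sad.{d["dombox"]}' if d["dombox"] else None,
        "Authentication": dkim,
        "Alignment": f'_dmarc.{d["message"]}' if d["message"] else None,
    }

if __name__ == "__main__":  # constructed sample input
    d = four_domains("MAIL FROM:<john@example.com>", "RCPT TO:<example.com@giri123.domboxmail.com>", "John Doe <john@example.com>", "s=selector123; d=example.com")
    print(d, record_paths(d))
```

A null sender (`MAIL FROM:<>`) or an unsigned message yields `None` for the corresponding domain and record path, so a caller can tell "nothing to look up" apart from a lookup that failed.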
Technical Names
Layer | Name | Description |
---|---|---|
Encryption Layer | TLS | Transport Layer Security |
Authorization Layer | SPF | Sender Policy Framework |
Alias Layer | SAD | Sender Alias Domains |
Authentication Layer | DKIM | DomainKeys Identified Mail |
Alignment Layer | DMARC | Domain-based Message Authentication, Reporting and Conformance |
Encryption Layer
Checks whether the mail is encrypted.
Technical Name: Transport Layer Security (TLS)
Possible Results: Pass or Fail
Pass - Encrypted
Fail - Not Encrypted
Authorization Layer
Checks whether the "Sending IP / Client IP" is authorized to send mails for the "Envelope Domain".
Technical Name: Sender Policy Framework (SPF)
Possible Results: Pass or Neutral or Fail
Pass - Authorized
Neutral - Not Configured. So neither Authorized nor Unauthorized
Fail - Unauthorized
Note: The SPF record will be fetched from the Envelope Domain
Alias Layer
Checks whether the "Envelope Domain" is an alias for the "Dombox Domain"
Technical Name: Sender Alias Domains (SAD)
Possible Results: Pass (FakePass, DirectPass, IndirectPass)
FakePass - The Alias Layer is applicable only to "Domboxes". So if the incoming mail is addressed to a box found in the "Mailboxes" group, the result is set to "FakePass" for consistency (refer to "Mail Score").
DirectPass - When the "Envelope Domain" is the same as the "Dombox Domain". In this case there is no need to check the SAD record.
IndirectPass - When the "Envelope Domain" is not the same as the "Dombox Domain", but passes via the SAD record.
If the Alias Layer result is "Fail", the mail will be rejected. So the only possible result for the "Alias Layer" is "Pass".
Note: SPF record will be fetched from the Dombox Domain
Authentication Layer
This layer checks whether the mail is properly authenticated i.e. digitally signed
Technical Name: DomainKeys Identified Mail (DKIM)
Possible Results: Pass or Neutral or Fail
Pass - Digitally Signed and Signature Verification Passed
Neutral - Not Digitally Signed
Fail - Digitally Signed, but Signature Verification Failed
Note: The Signature verification requires a "Public Key". The public key will be fetched from the Signature Domain
Alignment Layer
Checks whether the domains are aligned
Technical Name: Domain-based Message Authentication, Reporting and Conformance (DMARC)
Possible Results: Pass or Neutral or Fail
Pass - Domains are aligned
Neutral - Domains are not aligned, but the "Message Domain" either has "No Objection" or has no valid DMARC record
Fail - Domains are not aligned and the "Message Domain" has "Objection"
Note: The DMARC record will be fetched from the Message Domain
Possible Results
Layer | Pass | Neutral | Fail |
---|---|---|---|
Encryption Layer | Yes | No | Yes |
Authorization Layer | Yes | Yes | Yes |
Alias Layer | Yes | No | No |
Authentication Layer | Yes | Yes | Yes |
Alignment Layer | Yes | Yes* | Yes |
* Not Applicable for the boxes found in "Domboxes"
Layer Purpose
Each layer serves a different purpose
Layer | Description |
---|---|
Encryption Layer | Establishes Secure Communication. |
Authorization Layer | Prevents "Envelope Domain" Spoofing. |
Alias Layer | Allows non "Dombox Domain" to send mails to the Dombox. |
Authentication Layer | Proves that the mail is genuine. |
Alignment Layer | Prevents "Message Domain" Spoofing. |