Dombox Layers

All incoming mails will be passed through these 5 layers.

Layer Description
Encryption Layer Checks whether the mail is encrypted.
Authorization Layer Checks whether the "Sending IP" is authorized to send mails for the "Envelope Domain"
Alias Layer Checks whether "Envelope Domain" is an alias for the "Dombox Domain"
Authentication Layer Checks whether the mail is properly authenticated i.e. digitally signed
Alignment Layer Checks whether the domains are aligned

Sample SMTP Chat

mail.example.com Connecting to mail.domboxmail.com with its IP address
220 mail.domboxmail.com Dombox SMTP Service Ready
HELO mail.example.com
250 Hello, nice to meet you, mail.example.com
MAIL FROM:<[email protected]>
250 OK
RCPT TO:<[email protected]>
250 OK
DATA
354 End data with <CRLF>.<CRLF>
From: John Doe <[email protected]>
To: Giri <[email protected]>
Date: Fri, 01 January 2015 16:02:43 -0500
DKIM-Signature: s=selector123; d=example.com; ……….
Subject: Thanks for Signing Up
Thanks for signing up for Example.com.
Click <this link> to get started.
Regards,
John Doe
.
250 OK, message accepted for delivery: queued as 12345
QUIT
221 Bye
                

The Four Domains

Our system deals with the following 4 domains

Domain Can be extracted from
Envelope Domain MAIL FROM:<[email protected]example.com>
Dombox Domain RCPT TO:<example.com@giri123.domboxmail.com>
Message Domain From: John Doe <[email protected]example.com>
Signature Domain DKIM-Signature: s=selector123; d=example.com; ……….

Primary Subject

Layer Subject Record Path
Encryption Layer - -
Authorization Layer Envelope Domain envelopedomain.com
Alias Layer Dombox Domain _sad.domboxdomain.com
Authentication Layer Signature Domain selector._domainkey.signaturedomain.com
Alignment Layer Message Domain _dmarc.messagedomain.com

Technical Names

Layer Name Description
Encryption Layer TLS Transport Layer Security
Authorization Layer SPF Sender Policy Framework
Alias Layer SAD Sender Alias Domains
Authentication Layer DKIM DomainKeys Identified Mail
Alignment Layer DMARC Domain-based Message Authentication, Reporting and Conformance

Encryption Layer

Checks whether the mail is encrypted.

Technical Name: Transport Layer Security (TLS)

Possible Results: Pass or Fail

Pass - Encrypted

Fail - Not Encrypted

Authorization Layer

Checks whether the "Sending IP / Client IP" is authorized to send mails for the "Envelope Domain".

Technical Name: Sender Policy Framework (SPF)

Possible Results: Pass or Neutral or Fail

Pass - Authorized

Neutral - Not Configured. So neither Authorized nor Unauthorized

Fail - Unauthorized

Note: SPF record will be fetched from the Envelope Domain

Alias Layer

Checks whether the "Envelope Domain" is an alias for the "Dombox Domain"

Technical Name: Sender Alias Domains (SAD)

Possible Results: Pass (FakePass, DirectPass, IndirectPass)

FakePass - Alias Layer applicable only for "Domboxes". So if the incoming mail is to the boxes found in "Mailboxes" group, then the result is set to "FakePass" for consistency {Refer "Mail Score"}.

DirectPass - When the "Envelope Domain" is the same as "Dombox Domain". In this case no need to check for SAD Record

IndirectPass - When the "Envelope Domain" is not the same as "Dombox Domain", but passed via SAD record.

If the Alias Layer result is "Fail", then the mail will be rejected. So the only possible result for "Alias Layer" is "Pass"

Note: SPF record will be fetched from the Dombox Domain

Authentication Layer

This layer checks whether the mail is properly authenticated i.e. digitally signed

Technical Name: DomainKeys Identified Mail (DKIM)

Possible Results: Pass or Neutral or Fail

Pass - Digitally Signed and Signature Verification Passed

Neutral - Digitally not Signed

Fail - Digitally Signed, but Signature Verification Failed

Note: The Signature verification requires a "Public Key". The public key will be fetched from the Signature Domain

Alignment Layer

Checks whether the domains are aligned

Technical Name: Domain-based Message Authentication, Reporting and Conformance (DMARC)

Possible Results: Pass or Neutral or Fail

Pass - Domains are aligned

Neutral - Domains are not aligned, but the "Message Domain" either has "No Objection" or no valid DMARC record found in the "Message Domain"

Fail - Domains are not aligned and the "Message Domain" has "Objection"

Note: The DMARC record will be fetched from the Message Domain

Possible Results

Layer Pass Neutral Fail
Encryption Layer Yes No Yes
Authorization Layer Yes Yes Yes
Alias Layer Yes No No
Authentication Layer Yes Yes Yes
Alignment Layer Yes Yes* Yes

* Not Applicable for the boxes found in "Domboxes"

Layer Purpose

Each layer serves a different purpose

Layer Description
Encryption Layer Establishes Secure Communication.
Authorization Layer Prevents "Envelope Domain" Spoofing.
Alias Layer Allows non "Dombox Domain" to send mails to the Dombox.
Authentication Layer Proves Mail Genuinity.
Alignment Layer Prevents "Message Domain" Spoofing.