June 20th, 2024 | 8:39


How can scammers send me emails or SMS from legal addresses or phone numbers?

Mairenis Gomez

May 18, 2024 | 2:00 p.m.

The importance of communications security: Understanding SPF and DKIM

Winix has shared on Twitter a series of reflections on security in digital communications, specifically focusing on email and SMS. In a recent thread, Winix explains how scammers can spoof emails and the importance of implementing security measures like SPF and DKIM. Below, we break down its main points and offer some recommendations on how to protect yourself from spoofing.

Understanding Email Phishing

Winix compares email spoofing to a scammer sending fake letters using bank-identical stationery and envelopes. The letter looks legitimate, but is actually a forgery. This analogy helps understand how email spoofing works.

What are SPF and DKIM?

  1. SPF (Sender Policy Framework): It is a protocol that allows domain owners to specify which servers are authorized to send email on their behalf. Imagine that the bank uses a futuristic seal that only leaves its mark if used by a bank employee in a bank office. SPF is like that seal that ensures that the email comes from a legitimate source.
  2. DKIM (DomainKeys Identified Mail): It is a method of email authentication that allows the recipient to verify that an email claiming to have been sent from a specific domain was actually authorized by the owner of that domain. When you receive the letter, you can check that seal, making sure it is authentic.

Limitations of SPF and DKIM

Although these measures are effective, they are not foolproof. A clever cybercriminal can find ways to circumvent these protections, such as having access to the office and being able to impersonate the bank employee stamping the letter. This requires a much higher level of sophistication, but it is possible.

Challenges in SMS security

The technology behind SMS is simpler and therefore more difficult to secure. Winix mentions that when he was a teenager he tried to send encrypted messages, but the simplicity of SMS makes them vulnerable to different types of attacks.

Corporate responsibility

Winix notes that if a company has not implemented security measures such as SPF, DKIM and DMARC, it is responsible for any vulnerabilities. Businesses should ensure they have taken all necessary precautions to protect their communications. However, even if they have done everything correctly, there are always risks if the attackers are extremely skilled.

How to protect yourself from spoofing

Winix offers several tips to protect against spoofing:

  1. Be wary of urgent or alarming messages: If you receive a message saying that €3.000 has been charged to your bank account, take it with caution.
  2. Don't click on links or download unexpected files: Even if they appear to come from a reliable source.
  3. Block suspicious numbers on your phone: If you receive messages with suspicious characteristics, block them immediately.


Security in digital communications is a constant challenge, but with the right measures, such as SPF and DKIM, and a cautious attitude, it is possible to protect against many forms of attack. Companies have the responsibility to implement these measures and constantly update their defenses, while users must always be vigilant and take extra precautions.

More news