How to Explain SPF and DKIM to a Kid

SPF and DKIM sound complicated, but they're actually simple concepts. Let's explain them using stories and examples anyone can understand.

The Mail Problem

Imagine you get a letter in your mailbox that says it's from your best friend. But how do you know it's really from them? Someone could have pretended to be your friend and written a fake letter!

This is the exact problem with email. Anyone can send an email pretending to be someone else. That's where SPF and DKIM come in—they're like special seals that prove an email is real.

What is SPF?

The Simple Story

SPF stands for "Sender Policy Framework," but let's call it the "Approved Sender List."

Imagine your school has a rule: only certain adults are allowed to pick you up. Your parents give the school a list of approved people—like grandma, uncle Bob, and your babysitter.

If a stranger shows up claiming to be there to pick you up, the school checks the list. Not on the list? No pickup!

How It Works with Email

• A company (like MoonMail) creates a list of computers allowed to send emails for them
• They publish this list on the internet
• When you receive an email claiming to be from MoonMail, your email provider checks the list
• If the computer that sent it is on the approved list—great! If not—it might be spam

What is DKIM?

The Simple Story

DKIM stands for "DomainKeys Identified Mail," but let's call it the "Secret Signature."

Imagine your mom packs your lunch and puts a special sticker on it that only she has. If someone tries to give you a different lunch and says "Your mom sent this," you can check for the special sticker.

If there's no sticker, or it's a fake sticker, you know something's wrong!

How It Works with Email

• When a company sends an email, they add an invisible "signature" to it
• This signature is created using a secret code only they know
• When you receive the email, your email provider checks this signature
• If the signature matches—the email is real! If not—it might be fake

SPF vs DKIM: What's the Difference?

Why Do We Need Both?

Using SPF and DKIM together is like having two locks on your front door. Each one helps, but having both makes you much safer!

SPF Says:

"This email came from an approved computer."

DKIM Says:

"This email hasn't been changed since it was sent, and it really came from who it says."

Real-World Example

Let's say you want to send a birthday party invitation to your classmates:

Without SPF and DKIM:

Someone could send fake invitations saying the party is at the wrong place or wrong time, and your friends wouldn't know which invitation is real.

With SPF and DKIM:

Your friends' parents check: "Did this invitation come from an approved source?" (SPF) and "Does it have the authentic signature?" (DKIM). If yes to both, they trust it's real!

How to Remember

Here's an easy way to remember:

• SPF = Safe Postman Finder (checks who delivered the mail)
• DKIM = Don't Know if It's Mine? (checks if it's been tampered with)

Why Email Companies Use This

Companies like MoonMail use SPF and DKIM to:

• Prove their emails are real
• Prevent spammers from pretending to be them
• Make sure their emails reach your inbox instead of spam folder
• Protect their customers from scams

The Technical Stuff (For Curious Kids)

If you want to know how it really works:

SPF

It's a text record published on DNS (like a phone book for the internet) that lists IP addresses allowed to send email.

DKIM

It uses cryptography (secret math!) to create a digital signature attached to each email that can be verified using a public key.

Conclusion

SPF and DKIM are like showing your ID and having a secret handshake—they prove an email is really from who it says it's from. Together, they keep email safe and trustworthy!