December 2024

What is SPF, DKIM, and DMARC?

SPF, DKIM, and DMARC are email authentication standards that verify sender identity and prevent email spoofing.

Detailed Answer

SPF, DKIM, and DMARC are email authentication protocols that work together to verify sender identity and protect against phishing.

SPF (Sender Policy Framework):

  • DNS TXT record listing authorized mail servers for your domain
  • Format: v=spf1 include:_spf.google.com ~all
  • Prevents spammers from forging your domain in the envelope sender
  • Has a limit of 10 DNS lookups; exceeding it causes SPF to fail

DKIM (DomainKeys Identified Mail):

  • Cryptographic signature added to email headers
  • Public key published in DNS at selector._domainkey.yourdomain.com
  • Verifies email wasn't modified in transit
  • Requires 2048-bit or higher key length

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

  • Builds on SPF and DKIM to specify enforcement policy
  • Format: v=DMARC1; p=quarantine; rua=mailto:[email protected]
  • Tells receivers what to do when authentication fails
  • Provides reports on email authentication results
  • Required by Google and Yahoo for bulk senders (5000+ emails/day)

Why all three? SPF and DKIM authenticate different parts of the email. DMARC requires at least one to pass AND align with the From header domain, then enforces your chosen policy (none/quarantine/reject).
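The "pass AND align" rule is easiest to see worked through. The sketch below is an added example, not IntoDNS.ai code: it takes SPF and DKIM results a receiver has already computed and applies the DMARC alignment check and policy. The function names and sample domains are constructed for illustration, and the organizational-domain lookup is simplified to the last two labels (real receivers use the Public Suffix List).

```python
# Added example: simplified DMARC evaluation, not a full RFC 7489 implementation.

def parse_dmarc(record):
    """Parse 'v=DMARC1; p=...; ...' into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # Real receivers consult the Public Suffix List (e.g. for co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if not auth_domain:
        return False
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_result, disposition) for one message."""
    tags = parse_dmarc(record)
    # SPF authenticates the envelope sender domain; DKIM authenticates the d= domain.
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", tags.get("p", "none")

# Constructed sample messages, all with From: header domain example.com.
CASES = [
    # SPF and DKIM both pass, but for another domain: nothing aligns.
    ("v=DMARC1; p=quarantine", "pass", "bounce.example.net", "pass", "example.net"),
    # Forwarded mail: SPF fails, DKIM signature from a subdomain survives.
    ("v=DMARC1; p=quarantine", "fail", "forwarder.example.org", "pass", "mail.example.com"),
    # Same DKIM signature under strict alignment (adkim=s).
    ("v=DMARC1; p=reject; adkim=s", "fail", "", "pass", "mail.example.com"),
]

if __name__ == "__main__":
    for record, spf_r, spf_d, dkim_r, dkim_d in CASES:
        print(record, "->", evaluate(record, "example.com", spf_r, spf_d, dkim_r, dkim_d))
```

The first case is the one DMARC exists for: SPF and DKIM on their own both report "pass", yet neither result says anything about the domain the recipient sees in the From header.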

Check your domain now

Use IntoDNS.ai to scan your domain and get instant email insights.