The SPF (Sender Policy Framework) is an email-validation system to prevent spammers from sending messages on behalf of your domain. SPF and DMARC together are an email authentication technique that uses DNS (Domain Name Service). SPF allows you to specify which email servers are permitted to send email on behalf of your domain.

The SPF is added to the DNS zone of your domain as a DNS record. In the SPF record (TXT) you can specify which IP addresses and hostnames are authorized to send email on behalf of your domain.

spf email dns


DKIM (DomainKey Identified Mail) is an authentication protocol that is used by email receivers to determine if an email message was sent by who it says it was sent by. DKIM often improves the deliverability of emails to the inbox since a receiver can be confident that the message is not a forgery.

To setup DKIM, insert a new DNS record in the DNS zone of your domain. The value (TXT) is provided by your email sending service provider.

dkim email dns


DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. DMARC allows you as an email sender to publish a policy that defines its email authentication practices and provides instructions to receiving mail servers for how to enforce them.

DMARC uses SPF and DKIM to determine the authenticity of an email message. DMARC record is a DNS record in the DNS zone of your domain like SPF and DKIM. Not all receiving servers practice a DMARC check before accepting a message, but most of the major internet service providers do. The implementation of DMARC is growing.