aliases:
- Email Deliverability
- SPF, DKIM, & DMARC
- SPF
- DKIM
- DMARC
tags:
- Type/Tech
- area/tech
- seed
publish: true
version: 1.1
dateCreated: 2025-01-02, 08:30
dateModified: 2025-01-04, 19:57
from:
- "[[Email]]"
related:
contra:
to: Email Authentication
SPF, DKIM, and DMARC help authenticate email senders by verifying that the emails came from the domain that they claim to be from, helping to prevent spam, phishing attacks, etc.
SPF
Sender Policy Framework (SPF) is a way for a domain to list all the servers they send emails from. Think of it like a publicly available employee directory that helps someone to confirm if an employee works for an organization.
DKIM
DomainKeys Identified Mail (DKIM) enables domain owners to automatically "sign" emails from their domain, just as the signature on a check helps confirm who wrote the check. The DKIM "signature" is a digital signature that uses public key cryptography
DMARC
Domain-based Message Authentication Reporting and Conformance (DMARC) tells a receiving email server what to do given the results after checking SPF and DKIM. A domain's DMARC policy can be set in a variety of ways — it can instruct mail servers to quarantine emails that fail SPF or DKIM (or both), to reject such emails, or to deliver them.
DMARC policies are stored in DMARC records. A DMARC record can also contain instructions to send reports to domain administrators about which emails are passing and failing these checks. DMARC reports give administrators the information they need to decide how to adjust their DMARC policies (for example, what to do if legitimate emails are erroneously getting marked as spam).