SPF (Sender Policy Framework) is a DNS TXT record that defines which mail servers are authorized to send emails on behalf of a specific domain. It helps prevent unauthorized systems from spoofing your domain.
Since SPF is published in DNS, only the domain owner or administrators can modify it, making it an authoritative list of permitted sending sources for the domain.
DKIM (DomainKeys Identified Mail) is an email authentication method used to verify that the content of an email has not been altered during transit. It works by using a public/private key cryptographic signing process.
The sending mail server signs outgoing emails using a private DKIM key.
The corresponding public DKIM key is published in the domain’s DNS.
Receiving mail servers retrieve the public key from DNS and use it to validate the DKIM signature.
If the signature is valid, it confirms that the message content is authentic and unchanged.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) builds on SPF and DKIM by defining how receiving mail servers should handle emails that fail authentication. It also enables domain owners to receive reports about email activity and authentication results.
With DMARC, domain owners can:
Specify a policy (none, quarantine, or reject).
Require alignment between the From domain and SPF/DKIM domains.
Receive aggregate and forensic reports about email authentication results.
SPF verifies who is allowed to send emails for a domain.
DKIM verifies that the email content has not been modified.
DMARC enforces policies based on SPF and DKIM results and provides visibility through reports.
All three mechanisms rely on DNS records, and once configured correctly, they work together automatically to protect your domain from spoofing and phishing attacks.