Google and Yahoo now require these records for bulk senders. If you don't have them, your emails will bounce or land in spam. They are the digital license plate, registration, and insurance for your email server.
1. SPF (Sender Policy Framework)
Who is allowed to send? SPF is a DNS TXT record that lists the IP addresses authorized to send email for your domain.
- The Record: v=spf1 include:_spf.google.com ip4:1.2.3.4 ~all
- Translation: "Only Google servers and the IP 1.2.3.4 can send email as @mydomain.com. Soft fail (~all) everyone else."
- Why it matters: It prevents spammers from spoofing your domain from their own servers.
2. DKIM (DomainKeys Identified Mail)
Is the content tampered with? DKIM attaches a digital signature to every email, carried in a DKIM-Signature header.
- How it works: You publish a Public Key in your DNS. Your server signs every email with a Private Key. The receiving server grabs the Public Key and verifies the signature.
- Why it matters: It proves that the email actually originated from your server and wasn't modified in transit (e.g., a hacker didn't inject a malicious link).
3. DMARC (Domain-based Message Authentication)
What to do if checks fail? DMARC ties SPF and DKIM together and tells the receiver what to do if the checks fail.
- Policies:
  - p=none: Do nothing. Just generate a report. (Start here.)
  - p=quarantine: Put failing emails in the Spam folder.
  - p=reject: Block them completely. The email never reaches the user.
- Goal: Move to p=reject to fully protect your brand from phishing.
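How a receiver combines the two checks under each policy, as an added example that is not from the original article. It goes one step beyond the text by including alignment: an SPF or DKIM pass only counts toward DMARC when the authenticated domain matches the visible From domain. Assumptions: the function names, the sample record and messages are constructed, and alignment is approximated as exact match or subdomain (real relaxed alignment compares organizational domains using the Public Suffix List).

```python
# Added example: simplified DMARC evaluation, not a full RFC 7489 implementation.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a dict of tags, e.g. {'v': 'DMARC1', 'p': 'reject'}."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % txt)
    return tags

def aligned(auth_domain, from_domain):
    """Assumption: alignment approximated as exact match or subdomain of the From domain."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return bool(a) and (a == f or a.endswith("." + f))

def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (result, domain) pairs as the receiver evaluated them.
    Returns (dmarc_result, action)."""
    policy = parse_dmarc(record)["p"]
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain)
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain)
    if spf_ok or dkim_ok:  # one aligned pass is enough for DMARC to pass
        return ("pass", "deliver")
    # p=none still delivers the message; the failure only shows up in reports.
    action = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]
    return ("fail", action)

if __name__ == "__main__":
    # Constructed sample record and messages; the rua address is a placeholder.
    record = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@mydomain.com"
    cases = {
        "legitimate": (("pass", "mydomain.com"), ("pass", "mydomain.com")),
        "forwarded, SPF breaks but DKIM survives": (("fail", "mydomain.com"), ("pass", "mydomain.com")),
        "SPF passes for an unrelated envelope domain": (("pass", "other.example"), ("none", "")),
    }
    for name, (spf, dkim) in cases.items():
        print(name, "->", dmarc_disposition(record, "mydomain.com", spf, dkim))
```

The third case is the one that SPF alone would not catch: the check passes for the envelope domain, but that domain is not the one shown in the From header, so DMARC fails and the p=reject policy applies.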
