SPF, DKIM, DMARC
SPF, DKIM, and DMARC are three DNS-based email authentication standards. SPF lists which servers may send mail for your domain. DKIM signs outgoing mail cryptographically. DMARC tells receivers what to do when SPF or DKIM fail. Together they defeat most email spoofing and improve deliverability.
In plain English
Three DNS records that prove your email is really from you. Missing any = messages land in spam or get spoofed.
Why it matters
Without all three, attackers can send email that looks like it comes from your domain. Recipient providers (Gmail, Microsoft) increasingly reject or spam-fold mail lacking full alignment. It's also table stakes for compliance frameworks like SOC 2.
Related terms
Frequently asked
Which order do I set them up?
SPF first (easiest), DKIM second (signing keys), DMARC last with `p=none` initially, then progress to `p=quarantine` and `p=reject`.
How do I check my email is authenticated?
Send a test email to a Gmail account and view the raw headers · they show SPF/DKIM/DMARC pass/fail explicitly. SimplyScan also audits these records automatically.