How do SPF, DKIM, and DMARC work?

SPF, DKIM, and DMARC are three key technologies used in email to verify the sender's identity and reduce spam and phishing.

SPF (Sender Policy Framework):

Imagine you have a list of trusted friends who can send letters from your house. SPF is like that list, but for email.

It's a way for your email domain (like "@example.com") to say, "Only these specific mail servers are allowed to send emails on my behalf."

When you send an email, the recipient's email system checks this list. If the email comes from a server not on the list, it might be considered spam or fake.

DKIM (DomainKeys Identified Mail):

Think of DKIM as a secret wax seal for your emails.

When you send an email, your server puts a digital signature (like a unique seal) on the message.

The recipient's email system checks this signature using a public key available in your domain's DNS records.

If the signature matches, it proves that the email hasn't been tampered with and really came from your domain.

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

DMARC is like a set of instructions you give to others about how to handle your emails.


It uses SPF and DKIM to verify emails. If an email fails these checks, DMARC tells the recipient what to do with it – like reject it or put it in spam.

DMARC also asks for reports from email receivers about how they're handling your emails, helping you know if someone is trying to impersonate your domain.
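
To make the DMARC step concrete, here is an added example (not code from this page) of how a receiver could combine SPF and DKIM results with a published DMARC record to decide what to do with a message. The domains, the record, and the function names are constructed for illustration, and the alignment check is simplified: DMARC also requires that the domain that passed SPF or DKIM matches the domain in the From address.

```python
# Added example: constructed sample values, hypothetical function names.

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment: same domain, or one is a subdomain of the other.
    Real receivers compare organizational domains using the Public Suffix List."""
    a = (auth_domain or "").lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    return bool(a) and (a == f or a.endswith("." + f) or f.endswith("." + a))

def dmarc_disposition(from_domain, spf, dkim, record):
    """spf and dkim are (result, domain) pairs from the earlier checks.
    Returns 'pass', 'no-policy', or the published policy
    ('none', 'quarantine' or 'reject')."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return "no-policy"  # nothing valid published; receiver uses local rules
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain)
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain)
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return "pass"
    policy = tags.get("p", "none").lower()
    return policy if policy in ("none", "quarantine", "reject") else "none"

def report_address(record):
    """Where the domain owner asked for aggregate reports (rua tag), if any."""
    return parse_tags(record).get("rua")

# Constructed sample record, as it would be published at _dmarc.example.com
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # Genuine mail: SPF and DKIM both pass for the From domain.
    print(dmarc_disposition("example.com", ("pass", "example.com"),
                            ("pass", "example.com"), RECORD))
    # SPF passed, but for an unrelated domain, and there is no DKIM signature.
    print(dmarc_disposition("example.com", ("pass", "other.test"),
                            ("none", None), RECORD))
    print(report_address(RECORD))
```

The second case shows why a bare SPF pass is not enough: the check passed for a different domain than the one shown in the From address, so the published `p=reject` policy applies.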


SUMMARY:

  • SPF is a list of servers allowed to send emails from your domain.

  • DKIM is a digital signature proving an email really came from your domain and wasn't altered.

  • DMARC tells email receivers what to do if an email doesn't pass SPF or DKIM checks and asks for reports on these actions.
