← Guides

SPF, DKIM and DMARC explained simply

The three DNS records that decide whether your emails are authentic, explained without jargon.

SPF — who may send for your domain

SPF is a TXT record listing the IPs and servers authorized to send email on behalf of your domain. If a message arrives from an unlisted IP, the receiver knows it's suspicious.

DKIM — the signature that proves integrity

DKIM adds a cryptographic signature to the email headers. The receiver fetches your public key from DNS and verifies the message wasn't altered in transit.

DMARC — the rule that ties it together

DMARC tells providers what to do when SPF or DKIM fail, and requires the authenticated domain to match (alignment) the visible From. Start with p=none to monitor, then move to quarantine and reject.

No sign-up. Copy the address and send.

Generate a test address →