The three DNS records that decide whether your emails are authentic, explained without jargon.
SPF — who may send for your domain
SPF is a TXT record listing the IPs and servers authorized to send email on behalf of your domain. If a message arrives from an unlisted IP, the receiver knows it's suspicious.
DKIM — the signature that proves integrity
DKIM adds a cryptographic signature to the email headers. The receiver fetches your public key from DNS and verifies the message wasn't altered in transit.
DMARC — the rule that ties it together
DMARC tells providers what to do when SPF or DKIM fail, and requires the authenticated domain to match (alignment) the visible From. Start with p=none to monitor, then move to quarantine and reject.
No sign-up. Copy the address and send.
Generate a test address →