Articles on: Email

Using SPF, DKIM and DMARC for email authentication

Understanding SPF, DKIM, and DMARC: Essential Email Authentication Methods

In the realm of email security, SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are three crucial standards used for authenticating email messages. They play a significant role in preventing email spoofing and phishing attacks. Let's delve into each of these technologies to understand how they contribute to securing email communication.

NOTE: All SPF, DKIM and DMARC records are automatically added and enabled in your VE.Host hosting account.

SPF (Sender Policy Framework)


SPF is an email authentication method designed to prevent spammers from sending messages on behalf of your domain. Through SPF, you can specify which mail servers are authorized to send mail on behalf of your domain by editing the DNS zone for your domain.

How it Works

- DNS Record: You can publish SPF records in the DNS (Domain Name System) for your domain. These records list the authorized mail servers.
- Email Verification: When an email is received, the recipient's mail server checks the SPF record of your domain to verify if the email comes from an authorized server.


- Reduces the chances of spammers successfully spoofing your domain.
- Improves the deliverability of legitimate emails.

DKIM (DomainKeys Identified Mail)


DKIM provides a way to validate a domain name identity that is associated with a message through cryptographic authentication.

How it Works

- Digital Signature: The sending mail server attaches a digital signature linked to the domain to each outgoing email.
- Public Key: A corresponding public key is published in the domain's DNS records.
- Email Verification: The receiving server uses this public key to decrypt the signature and verify the message's integrity and origin.


- Ensures the content integrity of the email during transit.
- Validates the domain identity, reducing the risk of email spoofing.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)


DMARC builds upon SPF and DKIM. It allows domain owners to publish policies in their DNS records that define their email authentication practices and how receiving mail servers should handle mail that doesn’t comply with these practices.

How it Works

- Policy Publication: A DMARC policy is published in your DNS records.
- SPF and DKIM Checks: DMARC relies on SPF and DKIM to authenticate emails.
- Policy Enforcement: The receiving server checks if the email complies with the domain's DMARC policy. Based on this, it decides whether to accept, reject, or quarantine the email.
- Reporting: DMARC also provides a reporting mechanism for receivers to send reports back to the senders about messages that pass and/or fail DMARC evaluation.


- Provides domain owners with control over how their email is handled.
- Improves visibility into email delivery issues and attacks on the domain.
- Helps in identifying and mitigating email spoofing.


SPF, DKIM, and DMARC are critical tools in the fight against email-based threats. They authenticate the source of emails, ensure the integrity of the message, and provide a framework for handling and reporting on suspicious emails. Implementing these standards is essential for organizations to protect their domains from being used in phishing attacks and to ensure the integrity and reliability of their email communication.

Updated on: 05/02/2024

Was this article helpful?

Share your feedback


Thank you!