SPF, DKIM, and DMARC — what they are and why your business needs them

The three DNS building blocks that stop fake email — explained without jargon overload.

How they work together

When these three work together, your customers' inboxes are much better protected from fake mail using your name.

SPF — approved senders list

A TXT record listing mail servers allowed to send for your domain. See the full SPF guide.

DKIM — email signatures

Your mail platform signs outgoing messages; DNS publishes the public key. See the DKIM guide.

DMARC — fake-email policy

Tells the world whether to reject, quarantine, or monitor failed mail. This is usually the most important gap. See the DMARC guide.

Frequently asked questions

Which one should I fix first?

Often DMARC — without it, SPF and DKIM results may not be enforced.

Can Email Trust Check verify all three?

Yes — the free domain check reports status for each.

Run a free domain check