We help IT Professionals succeed at work.

DMARC, SPF, and DKIM standards

Hello Experts,

Can someone please provide me with some sort of information regarding DMARC, SPF, and DKIM standards for email security?

IF anyone has some experience, can you please explain difference between all 3 standards?

Thanks in advance
Watch Question

Distinguished Expert 2019
DMARC (Domain-based Message Authentication, Reporting & Conformance) tells email servers what mechanism(s) is/are in place to authenticate email messages.  It does not handle the actual authentication of the messages (per se) but rather instructs recipient servers as to which authentication methods the source domain uses and what to do with messages that fail authentication.

SPF (Sender Policy Framework) is an authentication method that relies on reverse domain lookup to authenticate messages.  Essentially the way this works is that messages are delivered to a recipient server.  The recipient server performs a reverse lookup to the source domain in order to validate that the source server identified in the message headers is allowed to send messages for the domain in question.

DKIM (DomainKeys Identified Mail) is an authentication method that relies on the signing of mail messages in order for the recipient mail server to validate the the sending entity is authorized to send messages for the source domain.

SPF and DKIM are a la carte authentication methods meaning that you can implement them separately, together or not at all.