Email authentication relies on basic standards

SPF, DKIM, and DMARC are all standards that enable different aspects of email authentication. They address complementary issues.

• SPF allows senders to define which IP addresses are allowed to send mail for a particular domain.
• DKIM provides an encryption key and digital signature that verifies that an email message was not faked or altered.
• DMARC unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test.

These email authentication standards supplement SMTP, the basic protocol used to send email, and most modern email systems support them. All three of these standards leverage the ubiquitous domain name system (DNS) for implementation. With DNS acting as the phone book of the Web, essentially establishing the legitimacy of domains through a rigorous process of analysis and verification, sophisticated email senders leverage email domain authentication as a fundamental component of security and deliverability.