Email Authentication: Understanding SPF, DKIM, and DMARC
Michael Park
December 3, 2025
A technical guide to the three pillars of email authentication that protect against spoofing and phishing.
Introduction
Email spoofing—forging the "From" address to impersonate another sender—remains a major security threat. The email authentication trio of SPF, DKIM, and DMARC works together to prevent spoofing.
SPF: Sender Policy Framework
How SPF Works
1. Domain owner publishes SPF record in DNS
2. Receiving server extracts sending IP from email
3. Server checks if sending IP is authorized
4. Server applies policy based on result
SPF Record Syntax
v=spf1 ip4:192.0.2.0/24 include:_spf.google.com -all
DKIM: DomainKeys Identified Mail
DKIM adds a cryptographic signature to emails, proving the message hasn't been altered:
DKIM-Signature: v=1; a=rsa-sha256; d=example.com;
    h=from:to:subject:date;
    bh=47DEQpj8HBSa...;
    b=dzdVyOfAKCdLXd...
DMARC: Domain-based Message Authentication
DMARC builds on SPF and DKIM by:
1. Requiring alignment between authentication and From domain
2. Telling receivers what to do with failed messages
3. Providing feedback reports to domain owners
DMARC Policies
| Policy | Action |
|---|---|
| none | Monitor only |
| quarantine | Mark as spam |
| reject | Block the message |
How They Work Together
Email Received → Check SPF → Check DKIM → Check DMARC → Apply Policy
Conclusion
SPF, DKIM, and DMARC form a comprehensive email authentication system. Together they provide strong protection against email spoofing.