How to Prevent Email Spoofing & Spam with SPF & DMARC
Email spoofing occurs when a malicious party sends messages pretending to come from your domain name. This can damage your brand reputation, lower domain email deliverability, and land your business emails in spam folders.
1. Sender Policy Framework (SPF)
An SPF record is a DNS TXT record listing all IP addresses and mail servers authorized to send messages on behalf of your domain name. Incoming mail servers check this list to verify legitimacy.
2. DomainKeys Identified Mail (DKIM)
DKIM adds a cryptographic digital signature to the header of outgoing emails. The receiving server uses your public DNS key to verify that the message was sent by you and wasn't altered in transit.
3. Domain-based Message Authentication (DMARC)
DMARC ties SPF and DKIM together. It instructs receiving servers on what to do if an authentication check fails (none, quarantine, or reject) and sends reports detailing spoofing attempts.
Frequently Asked Questions
How do I check if my domain has SPF or DMARC?
You can check your domain instantly using Hosterlo's free SPF lookup and DMARC record lookup tools in the Free Tools directory.
What DMARC policy is best to start with?
Start with a policy of 'p=none' to gather reporting details, then shift to 'p=quarantine' and eventually 'p=reject' as authentication is fully aligned.