SPF, DKIM & DMARC: the email authentication guide
Last updated: 2026-06-26
Why email authentication matters
SPF (Sender Policy Framework)
SPF is a DNS TXT record that lists which servers are allowed to send mail for your domain. Receivers reject or flag mail from servers not on the list. A strong SPF record ends with “-all” (hard fail) or “~all” (soft fail).
v=spf1 include:_spf.google.com -all
DKIM (DomainKeys Identified Mail)
DMARC
DMARC ties SPF and DKIM together and tells receivers what to do with mail that fails: nothing (p=none, monitoring only), quarantine (p=quarantine), or reject (p=reject). It also sends you reports. Start at p=none to observe, then move to quarantine and reject.
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com
MTA-STS (transport security)
Check your domain now
How Spamless helps
Spamless is an MX-gateway that filters spam, phishing and malware before it reaches your inbox, and checks SPF/DKIM/DMARC on every inbound message as part of a 7-layer pipeline. Point your MX to us in 5 minutes — Basic is free.