SPF, DKIM, and DMARC Explained
Daniel Okoro · Security Writer, SecureTempMail
SPF, DKIM, and DMARC are how the modern email system fights forgery. Here's each in plain terms.
SPF — who's allowed to send
A domain publishes a list of mail servers permitted to send on its behalf. If mail comes from elsewhere, SPF fails.
DKIM — a tamper-proof signature
Outgoing mail is signed with a private key; receivers verify it with the public key in DNS. If the body was altered or the signature is missing, DKIM fails.
DMARC — the policy
DMARC ties SPF and DKIM to the visible "From" domain and tells receivers what to do on failure: none, quarantine, or reject. It also gets reports sent back to the domain owner.
Why it matters to you
These reduce spoofing, but they're not perfect — attackers use lookalike domains that pass their own checks. Stay skeptical and learn the phishing red flags.
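To make the DMARC decision and the lookalike caveat concrete, here is an added example (not from the original article) that evaluates four constructed messages the way a receiver would. The domains, records, and field names such as `mail_from` and `dkim_d` are assumptions for illustration, and relaxed alignment is approximated as a parent/child match instead of a real organizational-domain lookup.

```python
# Added example: simplified DMARC evaluation over constructed data.
# Domains and records are made up (reserved .example names).

RECORDS = {  # constructed _dmarc TXT records, keyed by visible From domain
    "bank.example": "v=DMARC1; p=reject; rua=mailto:reports@bank.example",
    "bannk.example": "v=DMARC1; p=reject",  # lookalike domain with its own policy
}

def parse_dmarc(txt):
    """Split 'v=DMARC1; p=reject; ...' into a dict of tags."""
    tags = dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def aligned(from_dom, auth_dom, mode):
    """Strict ('s') needs an exact match. Relaxed ('r') is approximated here as
    same domain or parent/child; real receivers compare organizational domains."""
    f, a = from_dom.lower(), auth_dom.lower()
    if f == a:
        return True
    return mode == "r" and bool(a) and (f.endswith("." + a) or a.endswith("." + f))

def dmarc_result(msg):
    """Return 'pass', or the policy (none/quarantine/reject) the From domain publishes."""
    pol = parse_dmarc(RECORDS[msg["from"]])
    spf_ok = msg["spf"] == "pass" and aligned(msg["from"], msg["mail_from"], pol.get("aspf", "r"))
    dkim_ok = msg["dkim"] == "pass" and aligned(msg["from"], msg["dkim_d"], pol.get("adkim", "r"))
    # One aligned pass is enough; otherwise the domain owner's policy applies.
    return "pass" if spf_ok or dkim_ok else pol.get("p", "none")

MESSAGES = {  # constructed authentication results a receiver might record
    "legit": {"from": "bank.example", "mail_from": "bounce.bank.example",
              "spf": "pass", "dkim": "pass", "dkim_d": "bank.example"},
    # SPF passes for the sending server's own domain, but that domain is not the From domain.
    "spoofed": {"from": "bank.example", "mail_from": "mailer.other.example",
                "spf": "pass", "dkim": "none", "dkim_d": ""},
    # Forwarding breaks SPF, but the original DKIM signature still verifies.
    "forwarded": {"from": "bank.example", "mail_from": "bounce.bank.example",
                  "spf": "fail", "dkim": "pass", "dkim_d": "bank.example"},
    # A lookalike domain authenticates correctly as itself.
    "lookalike": {"from": "bannk.example", "mail_from": "bannk.example",
                  "spf": "pass", "dkim": "pass", "dkim_d": "bannk.example"},
}

if __name__ == "__main__":
    for name, msg in MESSAGES.items():
        print(f"{name:10} From={msg['from']:14} -> {dmarc_result(msg)}")
```

The lookalike row passes because DMARC only confirms that mail really comes from the domain shown in "From", not that the domain is the one you expected, so reading the sender's domain carefully remains the check that catches it.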