SPF, DKIM and DMARC: the what, the why and the how

Why you’d want to implement SPF, DKIM and/or DMARC

  • genuine emails from your domain are being marked as spam
  • you’ve become aware of (or want to prevent) emails being sent out, claiming to be from your domain


example.com.  IN  MX  10  aspmx.l.google.com.

The problem of spam

  • it’ll give me a bad reputation with my users if they see dodgy emails appearing to come from me
  • spam filters from email providers will start to mark emails from example.com — including legitimate ones — as spam
  • when spam senders send out emails, including to invalid addresses, I’ll get ‘bounce back’ emails to my inbox — because the bounce back emails will go to the server listed in my MX record. This is known as ‘backscatter spam’ and will quickly get very annoying.

The problem of identifying senders

SPF — Sender Policy Framework

Implementing SPF

example.com.  IN  TXT  "v=spf1 include:amazonses.com ~all"

DKIM — DomainKeys Identified Mail

Implementing DKIM

w4brt6yt8k4lb7lvevow._domainkey.example.com  IN  CNAME w4brt6yt8k4lb7lvevow.dkim.amazonses.com

DMARC — Domain-based Message Authentication, Reporting and Conformance

  1. Check DKIM. If DKIM passes, DMARC passes. If DKIM fails or is not present, continue.
  2. Check SPF. If SPF fails, DMARC fails. If SPF passes, continue.
  3. Does the domain of the ‘envelope sender’/’Return-Path’ (the return address in our analogy) matches the domain of the ‘From’ address (the ‘From’ email is what appears in your email inbox)? If it matches, DMARC passes. Otherwise, DMARC fails.

Implementing DMARC

_dmarc.example.com  IN  TXT  "v=DMARC1;p=none;pct=100;rua=mailto:dmarcreports@example.com;"


Additional resources





Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Idle Assemble Car Hack Free Resources Generator

(Re)publish: Why Every Internet user should care about FISCR 16–01

{UPDATE} Šachy V+ Hack Free Resources Generator

How to Fight Online Voting Manipulation

Architecting World’s Largest Biometric Identity System: Aadhaar Experience

GDPR Compliance and You (and your North American Business)

DeXe June Ecosystem Updatе (+ Kattana & 111PG)

Hunting cybercrime using Artificial intelligence

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Keelan Fadden-Hopper

Keelan Fadden-Hopper


More from Medium

The Migra and 187 reasons why Mexicanos can’t cross the border.

My topic for the class is herd mentality.

The Anatomy of Failure

Best valentine’s celebration cities in United States