SpoofCheck

Email security guides

Understand SPF, DKIM, and DMARC to protect your domain against email spoofing and phishing.

SPF (Sender Policy Framework)

SPF defines which servers are authorized to send emails for your domain. It's the first line of defense against email address spoofing.

  • How SPF works
  • Step-by-step configuration
  • 10 DNS lookup limit
  • Difference between -all and ~all
Read the guide

DKIM (DomainKeys Identified Mail)

DKIM uses asymmetric cryptography to sign your emails. It ensures the content hasn't been modified in transit and that the email actually comes from your domain.

  • Applied asymmetric cryptography
  • Key generation and publishing
  • Selectors and key rotation
  • Multi-service configuration
Read the guide

DMARC (Domain-based Message Authentication)

DMARC orchestrates SPF and DKIM by defining a clear policy for emails that fail verification. It also adds a reporting system to monitor your domain.

  • Policy: none, quarantine, reject
  • Domain alignment
  • Aggregate and forensic reports
  • Progressive deployment
Read the guide

SPF vs DKIM vs DMARC

Understand the differences between SPF, DKIM, and DMARC, and how these three protocols work together to protect your domain.

  • Comparison table
  • Role of each protocol
  • How they work together
  • Where to start
Read the guide

Check your domain for free

Test your SPF, DKIM, and DMARC configuration in one click. Our tool analyzes your domain and tells you exactly what to fix.

Test my domain