Email security guides
Understand SPF, DKIM, DMARC, and MTA-STS to protect your domain against email spoofing and phishing.
SPF (Sender Policy Framework)
SPF defines which servers are authorized to send emails for your domain. It's the first line of defense against email address spoofing.
- How SPF works
- Step-by-step configuration
- 10 DNS lookup limit
- Difference between -all and ~all
DKIM (DomainKeys Identified Mail)
DKIM uses asymmetric cryptography to sign your emails. It ensures the content hasn't been modified in transit and that the email actually comes from your domain.
- Applied asymmetric cryptography
- Key generation and publishing
- Selectors and key rotation
- Multi-service configuration
DMARC (Domain-based Message Authentication)
DMARC orchestrates SPF and DKIM by defining a clear policy for emails that fail verification. It also adds a reporting system to monitor your domain.
- Policy: none, quarantine, reject
- Domain alignment
- Aggregate and forensic reports
- Progressive deployment
MTA-STS (Mail Transfer Agent Strict Transport Security)
MTA-STS enforces TLS encryption between mail servers, preventing downgrade attacks and email interception in transit.
- How MTA-STS works
- Step-by-step configuration
- Difference with STARTTLS
- TLSRPT for reports
SPF vs DKIM vs DMARC
Understand the differences between SPF, DKIM, and DMARC, and how these three protocols work together to protect your domain.
- Comparison table
- Role of each protocol
- How they work together
- Where to start
Check your domain for free
Test your SPF, DKIM, DMARC, and MTA-STS configuration in one click. Our tool analyzes your domain and tells you exactly what to fix.
Test my domain