Email Authentication
Email authentication is a set of DNS-based protocols that verify the sender's identity and prevent email spoofing. The three core standards are SPF (authorizes sending IPs), DKIM (cryptographic signature verifying content integrity), and DMARC (policy for handling authentication failures). Together, they tell receiving servers whether an email is legitimate.
The Three Pillars
SPF - Lists which IPs can send email for your domain. Checked against the envelope sender (return-path).
DKIM - Attaches a cryptographic signature to the email. The receiving server verifies the signature using your public DNS key. Confirms the email was not modified in transit.
DMARC - Tells receiving servers what to do when SPF or DKIM fails: none (monitor), quarantine (spam folder), or reject (block). Also enables aggregate and forensic reporting.
All three must be properly configured for strong email authentication. Missing any one creates gaps that spammers can exploit.
Related Terms
SPF (Sender Policy Framework)
Tells receiving servers which IPs can send email for your domain.
DKIM (DomainKeys Identified Mail)
Adds a digital signature to emails proving they haven't been tampered with.
DMARC (Domain-based Message Authentication)
Tells email receivers how to handle messages that fail SPF or DKIM checks.
BIMI (Brand Indicators for Message Identification)
A standard that displays your verified brand logo next to your emails in supported inboxes.
Need help with email deliverability?
Transmit handles authentication, warmup, and reputation isolation automatically.