SPF, DKIM, and DMARC explained

Jul 21, 2021 | Best Practice, Email Marketing

The moment you press send on your email campaign, your beautifully designed and created email packs his bags and gets ready for travel.

Melaina Gross

He hops into the car (making sure to take his drivers licence along) and heads for the airport. At the airport he presents his passport, complete with visas for travel, and boards the plane. When he arrives at his destination, his passport is checked again before he’s granted entry into the country. 

The airports are the Internet Service Providers along his journey to his final destination – your customer’s mailbox. 

Successful email marketing goes beyond the design and content of your email campaign. If nobody receives your mail, then all that effort is for nothing. Did you know there’s a whole bunch of stuff going on in the background to get your mail to your subscriber’s inbox? 

Here’s a look into the world of deliverability and the importance of email authentication.  

Levels of authentication are taking place that help make email more secure. To get through the gates at the airport terminal of Internet Service Providers (ISPs), your email must pass a few authentication tests, and prove it’s sent by a legitimate sender.  

The way this is done is with SPF, DKIM, and DMARC. 

What are DMARC, DKIM, and SPF? They are acronyms for text records that prove an email sender is who they say they are. 

Here’s what each one does. 

What is SPF? 

SPF stands for Sender Policy Framework. It’s an email validation protocol to detect and block email spoofing.  

The best way to think of SPF is like the return address on a postcard you received in the post.  

It increases your level of trust when the return address is recognisable and reliable. 

The SPF record specifies which IP address is allowed to send email “from” your domain. This helps to tell the receiving ISP that the mail is being sent from an IP address that has been authorised by the administrators of that domain. 

All in all, it helps to protect you from spammers sending email on your behalf.  

Emails using first-party data to enrich the customer experience
Apple mail privacy protection

What is DKIM? 

DKIM stands for Domain Keys Identified Mail and it also builds trust between sender and receiver, but it’s a bit more complicated than SPF. DKIM’s advantage is that it can survive forwarding, which makes it superior to SPF and a foundation for securing your email.  

DKIM is important as it proves 3 things: 

  1. The content of your mail hasn’t been tampered with.
  2. The headers in the email haven’t changed since the original sender sent the email, and there’s no new “from” domain.
  3. The sender of the mail owns the DKIM, or is permitted by the owner of that domain.

DKIM is a way to sign an email with a digitally encrypted signature. This signature is a header that gets included in an email message. It’s not visible in the email itself unless you go looking for it here.

When we troubleshoot delivery issues, we’ll ask our clients to send us the headers of the email in question. It tells the story – like a passport with visa stamps – about where the mail has come from. 

What is DMARC? 

DMARC stands for Domain-Based Message Authentication, Reporting, and Conformance. Phew, what a mouthful!  

It’s an added authentication method using both SPF and DKIM to verify whether or not an email was sent by the owner of the “friendly” from domain that the user sees displayed as the sender name in their mailbox. 

In order for DMARC to pass, both SPF and DKIM must work.  

Basically, a message that doesn’t have its house in order is treated as phishing and is not delivered. 

This is why it’s so important to have SPF, DKIM, and now DMARC set up correctly. 

When a client is experiencing delivery issues with their mail campaign, this is one of the first things we check.  

Emails using first-party data to enrich the customer experience

A word to the wise – the DMARC/DKIM/SPF journey isn’t a simple one, with lots of side roads and diversions. We’re here to help. If you want to check that your SPF, DKIM, and DMARC are set up correctly and are helping your email campaign deliverability, ask us to do a deliverability audit.  

We offer a deliverability audit for $90 (ZAR 1200) and advise on the steps needed to fix any issues discovered in the audit.

Recommended reading

Webinar: Top email trends to try in 2023 🤯

Get ready to level up your email marketing game in 2023! Access the webinar recording to discover the top email trends and strategies that you can start using now to drive better engagement, open rates, and conversions.

The Cantaloupe Story

Read about us and meet our team

Join our team. Work from anywhere

Help us make email marketing better

Helping marketing teams and agencies since 2006

Overview of email marketing. Learn more

Email templates

Tried and tested 
Custom designs

Managed service

Data work
Campaign Management


Automate marketing processes & tasks
Lead nurturing

Email Masterclass

For marketers and communications specialists