What is Email Authentication?
Email authentication is a collection of protocols that verify the identity of an email sender. It allows receiving mail servers to confirm that an email genuinely came from the domain it claims to be from, and that it hasn't been tampered with in transit.
The three core email authentication protocols are SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance). Together, they form the foundation of email security.
The Three Pillars
| Protocol | What It Does | DNS Record |
|---|---|---|
| SPF | Lists authorized sending servers | TXT record on domain |
| DKIM | Cryptographically signs emails | TXT record at selector._domainkey |
| DMARC | Sets policy for authentication failures | TXT record at _dmarc |
Why It Matters
- Prevents spoofing — Stops attackers from sending email that appears to come from your domain.
- Required by major ESPs — Gmail and Yahoo require SPF/DKIM/DMARC for bulk senders (5,000+ emails/day).
- Improves deliverability — Authenticated emails are more likely to reach the inbox.
- Protects brand — Prevents your domain from being used in phishing attacks.
Check all three at once with Mailchk's free tools: SPF Checker, DMARC Checker, and Email Health Score.