There are 3 email authentication protocols you should know about:

These work together to authenticate email in different ways. 

SPF verifies if an email was sent from an authorised IP address. This is done by adding a white list that sits in your DNS in the form of an SPF record. To learn more about SPF please click on the button below.

DKIM uses encryption in the header of emails to authenticate your email. It is made up of a public key and a private key. When you setup DKIM you are effectively giving your authorised senders a key to send on your behalf, so only those with it can send emails from your domain. 

Both of these help authenticate email in different ways but they do not enforce a policy so even with them both setup your domain us unprotected. To learn more about DKIM please click on the button below. 

DMARC uses SPF and DKIM to enforce a policy. It checks to see if SPF and DKIM pass or fail when an email is sent that fails the SPF and DKIM tests then DMARC will block that email from reaching the end user. 

DMARC is also a really useful tool as if implemented receivers will send you reports that you can use to better understand what is going on with your email. To learn more about DMARC please click on the button below.