If your legitimate email keeps landing in spam, the cause is usually missing or broken email authentication. Three standards — SPF, DKIM and DMARC — tell the world that mail claiming to be from your domain is really from you. Here's what each does, without the jargon.
SPF — who's allowed to send
SPF (Sender Policy Framework) is a list, published in your DNS, of the servers permitted to send email for your domain. When a receiving server gets your message, it checks whether it came from an approved source.
DKIM — a tamper-evident signature
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to each message. The receiver verifies it against a key in your DNS, proving the message genuinely came from your domain and wasn't altered in transit.
DMARC — the policy that ties it together
DMARC tells receivers what to do when a message fails both SPF and DKIM — ignore the failure, quarantine the message, or reject it — and can send you reports on who is sending mail in your name. It turns the first two from suggestions into an enforced policy.
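To make the three records concrete, here is an added example (not part of the original article) that audits a domain's SPF, DKIM and DMARC TXT records offline and flags the settings that leave the policy unenforced. The domain example.com, the selector s1, the include target and the record values are constructed placeholders, and the function names are illustrative.

```python
# Added example; ZONE is constructed sample data (placeholder names), not live DNS.
ZONE = {
    "example.com": ["v=spf1 include:_spf.mailhost.example ?all"],
    "s1._domainkey.example.com": ["v=DKIM1; k=rsa; p="],
    "_dmarc.example.com": ["v=DMARC1; p=none"],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM/DMARC style) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(records):
    """Check the TXT records at the domain: one SPF record ending in -all/~all."""
    spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["SPF: expected exactly one v=spf1 record, found %d" % len(spf)]
    terms = [t.lower() for t in spf[0].split()[1:]]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls and not any(t.startswith("redirect=") for t in terms):
        return ["SPF: no 'all' term, unlisted servers get a neutral result"]
    if alls and alls[0][0] not in "-~":
        return ["SPF: '%s' does not fail unlisted servers" % alls[0]]
    return []

def audit_dkim(records):
    """Check the TXT records at <selector>._domainkey.<domain> for a usable key."""
    keys = [t for t in map(parse_tags, records) if "p" in t]
    if not keys:
        return ["DKIM: no public key record at this selector"]
    return [] if keys[0]["p"] else ["DKIM: empty p= means the key is revoked"]

def audit_dmarc(records):
    """Check the TXT records at _dmarc.<domain> for policy and reporting."""
    found = [t for t in map(parse_tags, records) if t.get("v") == "DMARC1"]
    if not found:
        return ["DMARC: no v=DMARC1 record published"]
    out, policy = [], found[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        out.append("DMARC: missing or invalid p= policy")
    elif policy == "none":
        out.append("DMARC: p=none asks receivers to take no action on failures")
    if "rua" not in found[0]:
        out.append("DMARC: no rua= address, so no aggregate reports are sent")
    return out

def audit(zone, domain, selector):
    """Run all three checks against a {name: [TXT strings]} mapping."""
    return (audit_spf(zone.get(domain, []))
            + audit_dkim(zone.get("%s._domainkey.%s" % (selector, domain), []))
            + audit_dmarc(zone.get("_dmarc." + domain, [])))
```

Calling audit(ZONE, "example.com", "s1") returns one finding per weak setting in the sample; feed it the TXT strings from your own DNS export to check a real domain.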
Why it matters
- Your legitimate mail reaches the inbox, not spam
- Scammers can't easily spoof your domain
- You get visibility into abuse of your domain
- Many partners and platforms now require it
Getting these right is fiddly but high-impact — a one-time setup with ongoing monitoring. If your mail isn't landing, this is usually why; we can audit and fix it.