The Three email security Amigos – SPF DKIM and DMARC

There are three critical protections when it comes to Email security. SPF, DKIM, and DMARC. Some people get tripped up on these three and what their role is. So here is an anecdotal tale of the three email security amigos.

SPF (Sender Policy Framework): The Nightclub Bouncer

Image by jcomp on Freepik

Imagine you’re at a popular nightclub called “Email Inbox.” Outside, there’s a bouncer checking IDs. Some people are on the guest list; they get in quickly. Others, who aren’t on the list, get turned away.

SPF acts like this bouncer. It checks whether the server trying to send an email on behalf of a domain (like is actually authorized by that domain. If the sending server’s not on the domain’s guest list (the SPF record), it might not let the email into the club.

DKIM (DomainKeys Identified Mail): The Wax Seal

Image by Freepik

In medieval times, nobles sent letters sealed with wax, stamped with their unique signet ring. This was a way to prove a message’s authenticity: if the seal was unbroken upon delivery, the recipient knew it was genuinely from the sender.

DKIM is the digital version of this wax seal. When a domain sends an email, it adds a digital signature, effectively “sealing” the email. The receiving server checks this seal against the domain’s public key. If it matches, it confirms the email hasn’t been tampered with and truly comes from the claimed domain.

DMARC (Domain-based Message Authentication, Reporting & Conformance): The Club Owner’s Directive

Image by katemangostar on Freepik

Now, imagine the nightclub owner wants more control over who enters and what happens if someone tries to sneak in. They may decide that only guests on the VIP list can enter, and if someone tries to impersonate a VIP, they should be reported.

DMARC is like the club owner’s directive. It allows a domain to specify how emails claiming to be from it should be handled if they fail SPF or DKIM checks. Should they be quarantined (maybe placed in a spam folder)? Rejected outright? Or just monitored? It also allows for reports to be sent back to the domain about these actions, helping them monitor and adjust their email security.

Together, these three protocols work to ensure emails are genuine, not tampered with, and that domains have control over and insight into their email security.

Scroll to Top