1. Home
  2. Domain Verification
  3. DKIM, SPF and DMARC


DKIM – Domain Keys Identified Mail

DKIM is an authentication method, which uses encryption to validate if the email is generated from the authorized services, which are approved by the administrators.

How DKIM Works

In DKIM process, a public key is published as a TXT record for the domain’s DNS Manager(registrar of the domain or DNS Provider). Every outgoing email includes a unique signature generated using the private key for the particular domain.

The receiving email server uses this private-public key combination to validate the email source. If there is a validation failure, the recipient server may reject the email or classify it as Spam/ Forged email, based on the server behavior.

Enabling and using DKIM for your domain, ensures that valid emails sent using Pepo Campaigns, are not classified as Spam at the recipient end.

Sender Policy Framework

Sender Policy Framework/ SPF is an Email validation system, to find out spoofed/ forged emails using a specific SPF record published for the domain with the details of hosts, that are permitted by the domain’s administrators.

About SPF Records

Sender Policy Framework/ SPF Records is a type of DNS record published in the domain’s DNS that identifies the email servers that are permitted to send emails using the particular domain name.

The main purpose of SPF records is to help the receiving server identify the spam emails, sent using your domain name by spoofing/ forging the From email addresses. We highly recommend the organization users to publish the SPF records for your domain.

Multiple SPF Records

Multiple SPF records are not considered valid according to the Sender Policy Framework.

When you add multiple TXT records of type SPF, it causes an interruption in the email delivery and your emails may end up being classified as Spam. As per the RFC Specifications for SPF records, a domain should not have multiple SPF records and this will cause the validation to select more than one record.

In case you need to use multiple email servers for your domain, you can update the details in the same SPF record instead of multiple entries.

You can validate and check your SPF Records using this tool.

What is DMARC

DMARC stands for “Domain-based Message Authentication, Reporting & Conformance”, it is an email authentication protocol. It builds on the widely deployed SPF and DKIM protocols, also adds a reporting function that allows senders and receivers to improve and monitor the protection of the domain from fraudulent email.

The Spammers often ‘forge’ or ‘fake’ the ‘From addresses’ in the emails, and make it appear as it comes from your domain.

To prevent this type of abuse using your domain, and to let the other recipient domains know about your outgoing domain policies, you can publish a DMARC record, using which the email services which use the DMARC standards can handle the unauthenticated emails.

This also helps in controlling ‘Phishing’ activities using your domain and helps protect your domain’s reputation.

Before publishing DMARC

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and instructs the receivers about the action, if both the SPF and DKIM checks fail, like Quarantine or reject the message.

DMARC helps the receiver to handle the failed messages better, and hence limits or removes the end recipients exposure to such spoofed emails using the Domain. DMARC also provides a way for the email receiver to report back to the sender about emails that pass and/or fail DMARC evaluation.

The DMARC policy will be effective, only if you send all the email using your own domains. Email sent on behalf of your domain, via third party services will appear unauthenticated, and may be rejected based on your DMARC policy published. To authorize the emails via third party providers, you need to share the DKIM key to be included in the headers, or the emails should be sent via the SMTP servers which already has the authorized DKIM Keys and SPF records published.

You need to configure the SPF Records and DKIM Keys for your domains before you publish the DMARC Policy. The DMARC policy is based on SPF and DKIM Keys, to ensure the email authenticity. An email using your domain email address, which fails the SPF test and/ or the DKIM test, will trigger the DMARC policy.


Updated on February 8, 2017

Related Articles