{
	"id": "9dc898ea-00db-4a60-a1a6-ca43f8321d36",
	"created_at": "2026-04-06T03:35:33.51396Z",
	"updated_at": "2026-04-10T03:20:55.922639Z",
	"deleted_at": null,
	"sha1_hash": "e24096a57843154e9a4b0a689c09cfbab8871651",
	"title": "What are DMARC, DKIM, and SPF?",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 59977,
	"plain_text": "What are DMARC, DKIM, and SPF?\r\nArchived: 2026-04-06 02:50:40 UTC\r\nDMARC, DKIM, and SPF are three email authentication methods. Together, they help prevent spammers,\r\nphishers, and other unauthorized parties from sending emails on behalf of a domain* they do not own.\r\nDKIM and SPF can be compared to a business license or a doctor's medical degree displayed on the wall of an\r\noffice — they help demonstrate legitimacy.\r\nMeanwhile, DMARC tells mail servers what to do when DKIM or SPF fail, whether that is marking the failing\r\nemails as \"spam,\" delivering the emails anyway, or dropping the emails altogether.\r\nDomains that have not set up SPF, DKIM, and DMARC correctly may find that their emails get quarantined as\r\nspam, or are not delivered to their recipients. They are also in danger of having spammers impersonate them.\r\n*A domain, roughly speaking, is a website address like \"example.com\". Domains form the second half of an email\r\naddress: alice@example.com, for instance.\r\nHow does SPF work?\r\nSender Policy Framework (SPF) is a way for a domain to list all the servers they send emails from. Think of it like\r\na publicly available employee directory that helps someone to confirm if an employee works for an organization.\r\nSPF records list all the IP addresses of all the servers that are allowed to send emails from the domain, just as an\r\nemployee directory lists the names of all employees for an organization. Mail servers that receive an email\r\nmessage can check it against the SPF record before passing it on to the recipient's inbox.\r\nHow does DKIM work?\r\nDomainKeys Identified Mail (DKIM) enables domain owners to automatically \"sign\" emails from their domain,\r\njust as the signature on a check helps confirm who wrote the check. 
The DKIM \"signature\" is a digital signature\r\nthat uses cryptography to mathematically verify that the email came from the domain.\r\nSpecifically, DKIM uses public key cryptography:\r\nA DKIM record stores the domain's public key, and mail servers receiving emails from the domain can\r\ncheck this record to obtain the public key\r\nThe private key is kept secret by the sender, who signs the email's header with this key\r\nMail servers receiving the email can verify that the sender's private key was used by applying the public\r\nkey\r\nhttps://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/\r\nPage 1 of 3\n\nHow does DMARC work?\r\nDomain-based Message Authentication Reporting and Conformance (DMARC) tells a receiving email server what\r\nto do given the results after checking SPF and DKIM. A domain's DMARC policy can be set in a variety of ways\r\n— it can instruct mail servers to quarantine emails that fail SPF or DKIM (or both), to reject such emails, or to\r\ndeliver them.\r\nDMARC policies are stored in DMARC records. A DMARC record can also contain instructions to send reports\r\nto domain administrators about which emails are passing and failing these checks. DMARC reports give\r\nadministrators the information they need to decide how to adjust their DMARC policies (for example, what to do\r\nif legitimate emails are erroneously getting marked as spam).\r\nWhere are SPF, DKIM, and DMARC records stored?\r\nSPF, DKIM, and DMARC records are stored in the Domain Name System (DNS), which is publicly available.\r\nThe DNS's main use is matching web addresses to IP addresses, so that computers can find the correct servers for\r\nloading content over the Internet without human users having to memorize long alphanumeric addresses. 
The\r\nDNS can also store a variety of records associated with a domain, including alternate names for that domain\r\n(CNAME records), IPv6 addresses (AAAA records), and reverse DNS records for domain lookups (PTR records).\r\nDKIM, SPF, and DMARC records are all stored as DNS TXT records. A DNS TXT record stores text that a\r\ndomain owner wants to associate with the domain. This record can be used in a variety of ways, since it can\r\ncontain any arbitrary text. DKIM, SPF, and DMARC are three of several applications for DNS TXT records.\r\nHow to check if an email has passed SPF, DKIM, and DMARC\r\nMost email clients provide an option labeled \"Show details\" or \"Show original\" that displays the full version of an\r\nemail, including its header. The header — typically a long block of text above the body of the email — is where\r\nmail servers append the results of SPF, DKIM, and DMARC.\r\nReading through the dense header can be tricky. Users viewing it on a browser can click \"Ctrl+F\" or\r\n\"Command+F\" and type \"spf,\" \"dkim,\" or \"dmarc\" to find these results.\r\nThe relevant text might look like:\r\narc=pass (i=1 spf=pass spfdomain=example.com dkim=pass\r\ndkdomain=example.com dmarc=pass fromdomain=example.com);\r\nThe appearance of the word \"pass\" in the text above indicates that the email has passed an authentication check.\r\n\"spf=pass,\" for example, means the email did not fail SPF; it came from an authorized server with an IP address\r\nthat is listed in the domain's SPF record.\r\nIn this example, the email passed all three of SPF, DKIM, and DMARC, and the mail server was able to confirm it\r\nreally came from example.com and not an impostor.\r\nIt is important to note that these records themselves do not enforce the domain's policies or authenticate the\r\nemails. 
The mail servers have to check them and apply them correctly for the records to have any effect.\r\nIt is also important to note that domain owners need to configure their SPF, DKIM, and DMARC records properly\r\nthemselves — both in order to prevent spam from their domain, and to make sure that legitimate emails from their\r\ndomain are not marked as spam. Web hosting services do not necessarily do this automatically. Even domains that\r\ndo not send emails should at least have DMARC records so that spammers cannot pretend to send emails from\r\nthat domain.\r\nHow to set up DMARC, DKIM, and SPF for a domain\r\nDMARC, DKIM, and SPF have to be set up in the domain's DNS settings. Administrators can contact their DNS\r\nprovider — or, their web hosting platform may provide a tool that enables them to upload and edit DNS records.\r\nFor more details on how these records work, see our articles about them:\r\nSPF DNS records\r\nDKIM DNS records\r\nDMARC DNS records\r\nHow to easily set up these records in Cloudflare\r\nTo set up these records in Cloudflare, use the Email Security DNS Wizard.\r\nSource: https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/"
	],
	"report_names": [
		"dmarc-dkim-spf"
	],
	"threat_actors": [],
	"ts_created_at": 1775446533,
	"ts_updated_at": 1775791255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e24096a57843154e9a4b0a689c09cfbab8871651.pdf",
		"text": "https://archive.orkl.eu/e24096a57843154e9a4b0a689c09cfbab8871651.txt",
		"img": "https://archive.orkl.eu/e24096a57843154e9a4b0a689c09cfbab8871651.jpg"
	}
}