SPF, DKIM and DMARC are three email authentication protocols that prove an email is really from your domain. Modern mailbox providers — Gmail, Yahoo, Microsoft and others — require all three to be properly configured before they'll trust your sending.
SPF — Sender Policy Framework
SPF is a DNS record that lists which servers are allowed to send email for your domain. When a mailbox provider receives your message, it checks the sending server against your SPF list. If the server isn't authorized, the email is treated as suspicious.
DKIM — DomainKeys Identified Mail
DKIM cryptographically signs every message you send with a private key. The mailbox provider uses your public key (also in DNS) to verify the signature. If the signature checks out, the email hasn't been tampered with in transit.
DMARC — Domain-based Message Authentication
DMARC is the policy layer. It tells mailbox providers what to do when SPF or DKIM fails — quarantine, reject, or just observe. DMARC also gives you reports on who's trying to send email pretending to be your domain.
Set them up before your first send
Configuring all three is faster than most marketers expect — usually under 30 minutes total. Start with SPF, then DKIM, then DMARC. The Deliverability Center confirms each one is working.
Visit the Intelligent Deliverability Center to see your score and start improving your email deliverability today.