When email forwarding breaks SPF and DKIM, ARC lets intermediaries vouch for messages they verified before modification—creating a chain of witnesses that receivers can trust.
BIMI turns email authentication into something users can see—your verified logo appears only when messages pass strict identity checks, making imposters obvious through their absence.
How DKIM's cryptographic signatures prove an email is exactly what the sender sent—and why that's different from proving who sent it.
DMARC closes the gap that SPF and DKIM leave open: you can pass authentication and still lie about who you are. Here's how domain owners fight back.
DKIM lets you cryptographically sign emails so receivers can verify they actually came from your domain—here's how to generate keys, publish them in DNS, and configure your mail server to sign every outbound message.
DMARC protects your domain from spoofing—but deploy it wrong and you'll block your own email. Here's the phased approach that gets you to full protection without casualties.
SPF is a public declaration in DNS: these servers speak for my domain, everyone else is lying. Here's how to build that declaration correctly.
SPF lets domain owners publish a guest list: these servers can send as us, everyone else is lying. Here's how to read and write those lists.
Was this page helpful?