To put it simply, these three things work together to protect you and others from attacks, and they are important for ensuring your email messages are delivered.
Here’s a breakdown of what the terms mean:
SPF tells the internet what IP addresses or systems (such as Mailchimp, Google Workspace, ConvertKit, etc.) are allowed to send mail as you. SPF (or Sender Policy Framework) was created over 20 years ago as a way to combat spammers and scammers.
DKIM, or DomainKeys Identified Mail, is a system of digitally signing messages you send so that the recipient can trust that it really came from you. It’s the technological equivalent of a wax seal stamp.
DMARC, or Domain-based Message Authentication, Reporting and Conformance, works together with SPF and DKIM to tell the internet how to handle messages that are not compliant with SPF and/or not signed with DKIM.
What that means for you: if you don’t have DKIM, SPF, and DMARC set up, hackers can spoof your domain and attack you and/or other people. You also run the risk of your outgoing emails dropping into the spam folder or simply not being delivered.
Here are the 5 steps you need to take:
- Set up DMARC Monitoring
You’ll want to set up DMARC so you can start monitoring what systems are using your domain name to send emails. This involves creating a DNS record and using a service to receive and interpret the reports.
- Understand what systems your company uses to send email
What domains are you currently using and where are you sending emails from? For example, if you send emails from Mailchimp you’ll need to set up SPF and/or DKIM in Mailchimp. If you’re sending emails through ClickUp, you’ll need to set that up too, and so on.
- Set Up DKIM and/or SPF
Set up DKIM and/or SPF for each of the systems you find in #1. Setting this up will require you to add records to DNS.
- Change Your DMARC Policy to Quarantine
After you’ve properly configured all of your sending systems and have been monitoring for some time, change your policy to quarantine. This will cause any messages that fail compliance to be dropped into a quarantine or users’ spam folder instead of being delivered.
- Change Your DMARC Policy to Reject
Once you’ve quarantined for some time and everything looks good, you can move to reject. This will greatly reduce the chances that messages that are not compliant will be received.