> >

SPF vs DKIM vs DMARC

SPF, DKIM, and DMARC work together, but they do different jobs. SPF checks whether a sending server is allowed to send mail for a domain. DKIM checks whether the message was cryptographically signed and not altered in transit. DMARC tells receivers how to handle messages that fail alignment checks and where to send reports.

SPF

SPF is a sender authorization policy published in DNS TXT records. It is useful, but by itself it is not a complete anti-spoofing control.

DKIM

DKIM adds a digital signature to an email. That lets the receiver validate that specific headers and content were signed with a key associated with the sending domain.

DMARC

DMARC builds on SPF and DKIM by adding alignment rules and policy instructions such as none, quarantine, or reject.

Practical takeaway

If you want a stronger email authentication posture, publish all three correctly and test them together instead of relying on only one control.

MX Lookup SPF Checker DKIM Checker DMARC Checker DNS Lookup Methodology

Recommended email authentication checks

SPF Checker Validate sender-authorization policy for the domain. DKIM Checker Check selector-based signing records and formatting. DMARC Checker Review policy, alignment, and reporting instructions. MX Lookup Confirm where inbound mail is supposed to be delivered.

Related email authentication comparisons

SPF vs DMARC Compare sender authorization with policy and alignment. DKIM vs DMARC Compare message signing with enforcement and reporting. MX Record vs SPF Record Separate mail routing from sender authorization. MX Record vs TXT Record Understand mail-routing records versus text-based policy records. MX vs SPF vs DMARC Compare inbound routing, sender authorization, and policy enforcement.

Related guides

How to Check SPF, DKIM, and DMARC Step through the records that matter for email authentication. What Is DKIM? Learn what DKIM signing proves and where it fits. How to Check DMARC Records Review syntax, policy modes, and reporting tags. What Is an MX Record? Understand how mail-routing records fit into delivery troubleshooting.

Featured collections

Email Provider Domain Lookups Browse major email-provider domains for DNS and mail-policy research. Developer Domain Lookups Compare technical domains that commonly publish complex DNS and mail records.

Wave 6 related guides

More troubleshooting and comparison pages connected to this topic.

DKIM Selector Troubleshooting

Review selector-specific DKIM issues and DNS mistakes.

Read guide →

SPF Permerror vs Softfail

Compare common SPF problem states in plain English.

Read guide →

NS Lookup for Delegation Checks

Validate nameserver delegation during DNS changes.

Read guide →

AAAA Record vs A Record

Compare IPv6 and IPv4 hostname mapping during DNS review.

Read guide →

RDAP Status Codes Explained

Interpret domain status values during registration research.

Read guide →

HTTP Headers vs DNS Records

Understand what belongs to the DNS layer versus the web layer.

Read guide →

Browse the full hubs

Jump into broader editorial collections built around comparisons and real-world workflows.

Comparison Guides

Browse side-by-side explainers across DNS, IP, RDAP, WHOIS, SSL, and email-authentication topics.

Browse comparisons →

Network Use-Case Guides

Browse workflow-based guides for investigations, migrations, mail troubleshooting, delegation checks, and security review.

Browse use cases →