InfoTrust - SPF and DKIM Consulting


SPF, or Sender Policy Framework, is a simple email authentication protocol used to validate your email. SPF provides a mechanism for receiving mail exchangers to check that incoming mail from a domain is coming from one which is authorised. Email receivers who validate the authenticity of messages will use SPF to query the DNS records associated with your sending domain to obtain a list of IP addresses you have explicitly authorized as valid sending systems.


DKIM, or DomainKeys Identified Mail, defines a standardised way for those who send email to digitally sign. This allows recipients to confirm with a high degree of assurance who the sender of the email really is, and whether or not the message was altered during transit. It complements SPF by providing email senders with a way to digitally sign all outgoing email from their domain.

DKIM is one of the two underlying authentication method incorporated into DMARC.


SPF and DKIM alone aren’t complete solutions to email authentication. With just DKIM and SPF there is no way for a recipient system to know how much reliance they should put on email validation and there is no way for email recipients to send feedback to senders. Additionally, domains that are authenticated are buried deep in the message headers and are not easily visible to a typical end user.

These limitations have led to the development of DMARC – the only way to truly authenticate emails.

Find out more about DMARC here.