Skip to content
RelayPost Docs

Email Authentication

What Is Email Authentication?

Section titled “What Is Email Authentication?”

Email authentication is a set of protocols that verify an email was sent by an authorized server and was not modified in transit. The three main protocols — SPF, DKIM, and DMARC — work together to prevent spoofing, improve deliverability, and protect your domain’s reputation.

Without email authentication, anyone can send email claiming to be from your domain. This is how phishing attacks work. Authentication protocols give receiving servers a way to verify legitimacy.

SPF vs DKIM vs DMARC

Section titled “SPF vs DKIM vs DMARC”
ProtocolWhat It DoesDNS Record TypeRequired?
SPFLists authorized sending serversTXT on rootYes
DKIMAdds cryptographic signature to each emailTXT on selectorYes
DMARCSets policy for authentication failuresTXT on _dmarcRecommended

How They Work Together

Section titled “How They Work Together”
  1. SPF checks if the sending server’s IP is authorized for the domain
  2. DKIM checks if the email content was signed and unmodified
  3. DMARC checks if SPF or DKIM passed with domain alignment, then applies your policy

An email passes DMARC if either SPF or DKIM passes and aligns with the From domain.

Setup Order

Section titled “Setup Order”

  1. Set up SPF — add a TXT record listing your email provider

  2. Set up DKIM — add the public key TXT record from your provider

  3. Set up DMARC — add a policy record starting with p=none

  4. Verify your domain — confirm all records are in place

RelayPost generates DKIM keys and provides the exact DNS records to add when you verify a domain.

Frequently Asked Questions

Section titled “Frequently Asked Questions”

What is email authentication?

Section titled “What is email authentication?”

Email authentication is a set of DNS-based protocols (SPF, DKIM, DMARC) that verify an email was sent by an authorized server and was not modified in transit. It prevents spoofing, improves deliverability, and protects your domain’s reputation.

Do I need all three protocols (SPF, DKIM, DMARC)?

Section titled “Do I need all three protocols (SPF, DKIM, DMARC)?”

SPF and DKIM are required by major inbox providers like Gmail and Yahoo for bulk senders. DMARC is strongly recommended because it ties SPF and DKIM together and gives you control over what happens when authentication fails.

What happens if I don’t set up email authentication?

Section titled “What happens if I don’t set up email authentication?”

Without authentication, your emails are more likely to land in spam. Your domain is also vulnerable to spoofing — anyone can send email pretending to be from your domain. Major inbox providers may reject unauthenticated email entirely.