Your Complete Guide to Email Authentication & DMARC

Email Security Glossary: Key Terms Explained

Confused by DMARC, SPF, or DKIM? Our plain-English glossary defines the key terms you need to know to secure your domain.

DMARC Fundamentals: How Alignment, Policies, and Reports Protect Your Domain

DMARC builds on SPF and DKIM to stop exact‑domain spoofing with alignment, enforceable policies (none → quarantine → reject), and actionable reporting. Learn concepts, phased rollout, and frequent pitfalls.

RFC 7489: DMARC Specification Full Text

The complete IETF standard defining DMARC. Published March 2015 by M. Kucherawy and E. Zwicky. Formatted for web reading with internal navigation.

DMARC Record Tags Guide: Plain-Language Examples

All 11 DMARC DNS record tags explained in plain language with copy-paste records for Gmail, Microsoft 365, and more. Three-phase deployment from monitor to reject.

Why DMARC Was Created: Closing SPF/DKIM Gaps with Alignment and Enforcement

SPF checks paths. DKIM signs content. Neither binds to the visible From: nor enforces outcomes. DMARC fixes that with alignment, policies, and feedback, blocking brand impersonation at scale.

From Spam to BEC: A Practical History of Email Vulnerabilities

A timeline from SMTP’s trust‑based origins through open relays, spoofing, and modern phishing to today’s standards. Understand the attacks that drove SPF, DKIM, and ultimately DMARC.

SMTP Weaknesses and Open Relays: The Security Gaps Behind Spoofing

Explore SMTP's core flaws (no sender auth, header forgery, command injection, and smuggling) and how open relays amplified abuse. The technical backdrop that explains why DMARC exists.

SPF Explained: What It Solves, Where It Fails, and How It Fits DMARC

Understand SPF's DNS‑based sender authorization, alignment gaps, forwarding pitfalls, and the 10‑lookup limit. Learn safe patterns, optimization strategies, and how SPF contributes to DMARC results.

SPF Record Flattening: When You Need It, When You Don't, and How to Do It Safely

Hit the 10 DNS lookup limit? This guide covers SPF flattening trade‑offs, stale‑record risks, TTL pitfalls, and alternatives like removing unnecessary includes and subdomain delegation.

DKIM Signatures: Cryptographic Trust, Blind Spots, and Role in DMARC

How DKIM signs messages with DNS‑published keys, what d=/s= mean, and where signatures fall short (header spoofing, alignment). Practical guidance on key sizes, rotation, selectors, and canonicalization.

MTA‑STS for SMTP: Enforcing TLS and MX Pinning to Stop Downgrades

Deploy MTA‑STS with a DNS id and HTTPS policy file to prevent STARTTLS downgrade and MX redirection. Modes, examples, TLSRPT reporting, and a safe rollout plan included.

BIMI: Show Your Brand Logo in the Inbox (Requirements, VMC, DNS)

BIMI displays your verified logo when DMARC is enforced. Learn prerequisites, SVG constraints, certificate options, and the TXT record format so supported providers can render your brand mark.

API Reference: Programmatic Access to Your DMARC Data

Integrate DMARCTrust into your monitoring systems, dashboards, and automation workflows. Includes authentication, endpoints, code examples in Python, JavaScript, and Ruby.