Email Security Glossary

We know email security is full of acronyms and technical jargon. We've translated the most important terms into plain English.

Jump to a term

Alignment Authentication BIMI Deliverability DKIM DMARC DNS Enforcement MTA MX Phishing Policy Policy Modes RUA / RUF Reports SMTP SPF Spoofing TLS

Alignment

Alignment is the "secret sauce" of DMARC. It simply means that the address in the "From" header (what your customer sees) matches the technical address authenticated by the server (SPF or DKIM).

Why it matters: Without alignment, anyone could use their own valid server to send email that looks like it comes from you. Alignment ensures the sender isn't just authorized, but is actually authorized by you.

Read more about DMARC Alignment →

Authentication

Authentication is the process of verifying that an email actually came from where it claims to be from. In the email world, we don't use passwords for this; we use cryptographic signatures (DKIM) and authorized IP lists (SPF).

Why it matters: The internet was built on trust, which is now broken. Authentication restores that trust so receivers know the email is really from your company and not an imposter.

BIMI (Brand Indicators for Message Identification)

BIMI is a standard that allows you to display your verified brand logo next to your messages in the recipient's inbox.

Why it matters: It's a reward for good security. To get BIMI, you usually need to be at full DMARC enforcement (p=reject). It builds immediate visual trust with your customers.

View full BIMI guide →

Deliverability

Deliverability is the measure of how successfully your emails reach the inbox, rather than getting blocked or sent to the spam folder.

Why it matters: You can have the best marketing campaign in the world, but if deliverability is poor, no one will see it. DMARC helps improve deliverability by proving your domain is legitimate.

DKIM (DomainKeys Identified Mail)

Think of DKIM as a digital wax seal on your envelope. It adds a cryptographic signature to your emails that proves the message hasn't been tampered with during transit.

Why it matters: It ensures message integrity. If a hacker tries to intercept an email and change the bank account number, the "seal" (signature) will break, and the email will fail authentication.

Deep dive into DKIM →

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC is the boss. It uses SPF and DKIM to authenticate email, but adds a crucial instruction layer. It tells the receiver what to do if an email fails those checks.

Why it matters: Without DMARC, you can't stop spoofing. Receivers might see a fake email, but they won't know if they should block it. DMARC gives you control and visibility.

Get started with DMARC →

DNS (Domain Name System)

Often called the "phonebook of the internet," DNS translates human-friendly names like dmarctrust.com into computer-friendly IP addresses. It also stores text records (TXT) where we publish SPF, DKIM, and DMARC policies.

Why it matters: Your security policies live in your DNS. If your DNS is misconfigured, your email security is broken.

See DMARC DNS Specifications →

Enforcement

Enforcement is the status you reach when your DMARC policy is set to p=quarantine or p=reject. It means you are no longer just watching (monitoring); you are actively policing your domain traffic.

Why it matters: It's the end goal of DMARC. Monitoring is interesting, but enforcement is what actually stops the bad guys from using your brand.

Learn about phased enforcement →

MTA (Mail Transfer Agent)

An MTA is the software equivalent of a post office sorting facility. It's the server software (like Postfix or Exchange) that transfers emails from one computer to another.

Why it matters: You don't usually need to manage this directly if you use a provider like Google or Microsoft, but understanding that email hops between these "post offices" helps explain why authentication is necessary.

MX (DNS Record)

MX (Mail Exchange) records are entries in your DNS that tell the world which mail servers are allowed to accept emails on behalf of your domain. They are like the destination address for incoming mail.

Why it matters: It's how you receive email. If this is wrong, you don't get mail. Advanced protocols like MTA-STS help protect these records from being bypassed.

See how MTA-STS protects MX →

Phishing

Phishing is a cyberattack where scammers disguise themselves as a trustworthy entity to trick victims into revealing sensitive information or transferring money.

Why it matters: It's the #1 cause of data breaches. DMARC is specifically designed to stop "exact-domain" phishing, where the attacker uses your exact email address.

See history of email vulnerabilities →

Policy

A DMARC Policy is the set of instructions you publish in your DNS. It combines your reporting addresses (where to send data), your alignment requirements, and your enforcement mode into a single text record.

Why it matters: It's your public declaration of security. It tells every email receiver in the world exactly how you want them to handle emails claiming to be from you.

View DMARC Record syntax →

Policy Modes (None, Quarantine, Reject)

DMARC has three levels of enforcement:

  • None (p=none): "Monitoring mode." No action is taken against failing emails. You just collect data.
  • Quarantine (p=quarantine): Suspicious emails are sent to the spam/junk folder.
  • Reject (p=reject): "Enforcement mode." Suspicious emails are blocked completely and never delivered.

Why it matters: The goal is to get to Reject. Staying at "None" gives you visibility, but it doesn't protect your brand from abuse.

RUA / RUF Reports

These are the reports sent by email receivers (like Google or Yahoo) back to you.

  • RUA (Aggregate): Daily summaries showing who is sending email as your domain. This is what DMARCTrust visualizes for you.
  • RUF (Forensic): Detailed copies of specific emails that failed checks (rarely supported due to privacy concerns).

Why it matters: Reports are your eyes and ears. They tell you if your legitimate emails are passing and if hackers are attacking you.

SMTP (Simple Mail Transfer Protocol)

SMTP is the standard language that mail servers use to talk to each other and send emails. It was designed in the 1980s based on trust.

Why it matters: Because it was built without security in mind, it has no built-in way to verify sender identity. This gap is exactly why we need SPF, DKIM, and DMARC to "patch" the vulnerability.

Read about SMTP limitations →

SPF (Sender Policy Framework)

SPF is like a guest list for a club. It's a DNS record that lists all the IP addresses and services (like "include:_spf.google.com") that are authorized to send email for your domain.

Why it matters: If an email comes from an IP not on the list, the "bouncer" (receiving server) knows it's unauthorized.

Deep dive into SPF →

Spoofing

Spoofing is the act of forging the sender address in an email to make it look like it came from someone else.

Why it matters: It's easy to do because the basic email protocol (SMTP) doesn't verify sender identity by default. DMARC fixes this vulnerability.

Understand SMTP Limitations →

TLS (Transport Layer Security)

TLS is the technology that encrypts the connection between two mail servers. It ensures that when an email travels from Server A to Server B, no one can read it off the wire.

Why it matters: It protects privacy and prevents snooping while the email is moving through the internet cables. Protocols like MTA-STS make TLS mandatory.

Learn about MTA-STS and TLS →

Was this page helpful? Send us feedback

← Back to Home Check Your Domain