Email authentication can seem complicated, but understanding SPF, DKIM, and DMARC is essential for reliable email delivery. ## SPF (Sender Policy Framework) SPF tells receiving servers which IP addresses are authorized to send email for your domain. It's a simple DNS TXT record that lists allowed senders. Example: `v=spf1 mx a ip4:1.2.3.4 -all` ## DKIM (DomainKeys Identified Mail) DKIM adds a cryptographic signature to every email you send. The receiving server verifies this signature against a public key in your DNS. This proves the email hasn't been tampered with. ## DMARC (Domain-based Message Authentication) DMARC ties SPF and DKIM together with a policy that tells receivers what to do when authentication fails. Options include: none (monitor), quarantine (spam folder), or reject (bounce). Example: `v=DMARC1; p=quarantine; rua=mailto:[email protected]` ## Why It Matters Without these records, your emails are more likely to land in spam. Major providers like Gmail and Outlook now require proper authentication. ByteSMTP sets up all three automatically when you add a domain.