What are DMARC, SPF, DKIM and BIMI records?

0 min read
what is dmarc dkim bimi spf

Do you want to improve your email security and deliverability? Do you want to keep track of all emails that are sent from your domain and server? In that case, SPF, DKIM, DMARC and BIMI records are some terms you should know. All of these are protocols that can be added to the DNS and whose correct deployment will improve various parts of your email security. This article explains what they are and how they work, so you can make a headstart with your email security.

What are SPF records?

SPF stands for “Sender Policy Framework”. SPF records define which servers and domains have your consent to send emails on your behalf. In tandem with this, eceiving email servers automatically verify whether emails that appear to be from your domain actually originate from a legitimate place. If this is not the case, your emails will go straight into receivers’ spam boxes.

Every domain can only have one SPF record. However, you can add multiple domains, servers and third parties to this record. You can also always choose to delete domains or add more.

What is DKIM?

DKIM stands for “DomainKeys Identified Mail”. This is an email authentication technique that relies on adding a digital signature (called a DKIM signature) to all outgoing emails. This signature verifies to receiving servers that an email was indeed sent or authorized by the owner of the domain it originates from. Email receivers can not “see” DKIM signatures – they are only visible a server level.

What is DMARC?

DMARC stands for “Domain-based Message Authentication, Reporting and Conformance”. DMARC is built off the previously mentioned SPF and DKIM protocols and functions as an improvement and extension of these.

SPF and DKIM work in isolation from each other, and it is quite a lot of work to deploy both protocols correctly at the same time. This means that some authentic, legitimate emails may slip between the cracks and still end up in spam folders.

With just SPF and DKIM, it is also not possible for domain owners to determine how many of their emails are actually unauthenticated. On top of this, not all email receivers use the same protocols. Some use DKIM, some use SPF, and some others may even be using both. This makes the process of email authentication complex and confusing for all parties involved.

DMARC joins the mechanisms of SPF and DKIM together and streamlines the general process of email authentication. A large improvement of DMARC, compared to SPF and DKIM, is that this protocol shows automated aggregate and failure reports about all outbound emails to domain owners. This helps you keep track of all outgoing email flows and makes it easier to catch a potential abuse attempt.

The development of DMARC resulted from a collaboration between fifteen member organizations that wanted to improve email security protocols together. These fifteen member organizations include some of the biggest names of the Internet, including Facebook, Google, Hotmail, LinkedIn and PayPal.

Microsoft, Gmail, AOL and Yahoo all employ DMARC as a protection layer. That means that all emails that are not authenticated by DMARC will automatically end up in the spam boxes of people using these email clients.

What are BIMI records?

BIMI records do not belong to the same “family” as DMARC, DKIM and SPF. Nevertheless, they are another important component in maximizing your email security. Adding a BIMI record to the DNS makes legitimate emails from your domain show a miniature company logo within receiving inboxes. These logos verify to your customers that your emails are genuine.

Learn more

Ready to make a headstart with your email security? EasyDMARC is a simple security solution through which you can take care of DMARC, DKIM, SPF and BIMI records in one centralized, easy-to-use dashboard. You don’t need to add anything to the DNS yourself or worry about doing it wrong. If you would like to learn more about this tool, check the articles below for more information.

Subscribe to our newsletter

Looking for the best Domain Reseller Program?

OpenProvider offers you the best prices in the market and more. Register your .com domains for only $8.57 now!