// SECURITY GUIDE · EMAIL AUTH
Email Authentication
// WHAT IT IS
Email authentication is a set of DNS-based mechanisms that let receiving mail servers verify that a message claiming to come from your domain was actually sent by you. Without them, anyone can send an email claiming to be hello@yourdomain.com. This is how phishing, CEO fraud, and brand impersonation attacks work.
// THE THREE PROTOCOLS
SPF (Sender Policy Framework): A TXT record listing which mail servers are authorized to send email for your domain. Receiving servers look up this record and can reject mail from sources it does not authorize.
DMARC (Domain-based Message Authentication, Reporting and Conformance): Tells receiving servers what to do with a message when SPF or DKIM fails: none (monitor only), quarantine (spam folder), or reject (block). Without a DMARC policy, an SPF failure is only logged and the email is still delivered.
DKIM (DomainKeys Identified Mail): Adds a cryptographic signature to outgoing emails, so the receiver can verify that the email content wasn't modified in transit. Requires configuration at your email provider (Google Workspace, SendGrid, etc.).
// QUICK SETUP
# 1. SPF — no email sent from this domain (most secure)
TXT @ → v=spf1 -all
# 2. DMARC — reject all failures
TXT _dmarc → v=DMARC1; p=reject
# 3. DKIM — configure in your email provider dashboard
# (Google Workspace, Mailgun, SendGrid all have a DKIM setup wizard)
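To show how a receiver acts on the records above, here is an added example (not part of this guide) that evaluates the SPF and DMARC TXT records against a sending IP. It uses constructed in-memory records for hypothetical domains instead of real DNS lookups, and only supports the ip4/ip6 mechanisms and the "all" terminal, so include/a/mx and identifier alignment are assumed out of scope.

```python
"""Evaluate SPF and DMARC TXT records against a sample sending IP."""
import ipaddress

# Constructed TXT records for hypothetical domains (no real DNS lookup).
TXT_RECORDS = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject"],
    "parked.example": ["v=spf1 -all"],          # domain that sends no mail
    "_dmarc.parked.example": ["v=DMARC1; p=reject"],
    "nodmarc.example": ["v=spf1 -all"],         # SPF but no DMARC policy
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(domain, sender_ip):
    """SPF result for sender_ip against the domain's v=spf1 record.
    Only ip4/ip6 mechanisms and 'all' are implemented (assumption)."""
    records = [r for r in TXT_RECORDS.get(domain, []) if r.startswith("v=spf1")]
    if len(records) != 1:      # RFC 7208: more than one record is a permerror
        return "permerror" if records else "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"   # default qualifier is +
        mech = term.lstrip("+-~?")
        if mech == "all":
            return QUALIFIERS[qual]
        if mech.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return QUALIFIERS[qual]
    return "neutral"           # no mechanism matched and no 'all' terminal


def dmarc_policy(domain):
    """Return the p= tag of the _dmarc TXT record, or None if no record exists."""
    for rec in TXT_RECORDS.get(f"_dmarc.{domain}", []):
        tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
        if tags.get("v") == "DMARC1":
            return tags.get("p", "none")
    return None


def disposition(domain, sender_ip, dkim_aligned=False):
    """Receiver decision: DMARC passes if aligned SPF or aligned DKIM passes;
    otherwise the published policy applies. SPF 'pass' is treated as already
    aligned here (assumption). With no DMARC record the mail is delivered."""
    policy = dmarc_policy(domain)
    if policy is None or spf_check(domain, sender_ip) == "pass" or dkim_aligned:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]
```

Running `disposition("nodmarc.example", "192.0.2.7")` returns "deliver" even though SPF fails, which is the gap DMARC closes.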