
DMARC / SPF / DKIM

The three email-authentication standards that let a receiving server verify that a message really came from the domain it claims to be from.

SPF (Sender Policy Framework) is a DNS record listing the IP addresses allowed to send mail on behalf of a domain. DKIM (DomainKeys Identified Mail) signs each outgoing message with the domain's private key, and receivers verify the signature against the public key published in DNS. DMARC ties the two together: it requires that the domain which passed SPF or DKIM aligns with the domain in the visible From: header, and it tells receiving servers what to do when that alignment fails (p=none, p=quarantine, or p=reject).

If your domain doesn't publish a DMARC record with a policy of at least p=quarantine, attackers can trivially spoof it. If your domain does publish p=reject and a message passes DMARC, that message almost certainly came from you.

Most BEC and phishing attacks rely on either lookalike domains (because the real one has DMARC) or compromised mailboxes (where DMARC doesn't help because the email really did come from the domain).
