SPF, DKIM, and DMARC

SPF (Sender Policy Framework)

SPF tries to authenticate email by verifying the email envelope sender address. This address is compared against the IP addresses published by that domain.

The IP addresses are published in DNS, typically in a TXT record type.

Since Mail-List.com is sending the email from its own servers, the only SPF records that matter are those published by the Mail-List.com domain name.

DKIM (DomainKeys Identified Mail)

DKIM tries to verify that the sender email address was not forged, nor the contents of the message altered.

The public key is published in DNS, in a TXT record type. The private key is used to sign the email and must match the public key.

Since Mail-List.com does alter the message by adding footers to the email, Mail-List.com signs the email with its own signature.

Therefore, the only DKIM record that matters is the Mail-List.com DKIM public key.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC extends SPF and DKIM verification and is an email authentication, policy, and reporting protocol. It builds on SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

ISPs may choose to Reject or Quarantine incoming emails if they fail DMARC checks.

If the Mailing List is using Mail-List.com as the domain name, the only DMARC records that matter are published by Mail-List.com

Resources

For our customers using their own domain names, see SPF, DKIM and DMARC Resources listed below. Many resources are available, but we found these websites do a great job explaining what is needed and why.