What are SPF, DKIM, DMARC & BIMI?

Last Updated: 28/11/2024     Tags: spf, dkim, dmarc, bimi, deliverability
  • Switch Version
  • V5
  • V4

SPF (Sender Policy Framework)

SPF (Sender Policy Framework) is a DNS text entry which shows a list of servers that should be considered allowed to send mail for a specific domain. The SPF record helps deliverability as it provides an authoritative list of IP's and hostnames allowed.

For example, if you send an email from Taguchi without a SPF record, some mail servers may treat the email as suspicious and may move the email to the junk/spam folder or reject the message. This is because mail servers use SPF records to verify the authenticity of the sender of the email. If the SPF record is present when sending an email, the remote email server could then verify that Taguchi is allowed to send emails on behalf of the sender.

SPF Diagram

DKIM (Domain Keys Identified Mail)

DKIM (Domain Keys Identified Mail) should be instead considered a method to verify that the messages' content is trustworthy, meaning that the content hasn't changed since the moment the message left the initial mail server. This additional layer of deliverability is achieved by an implementation of the standard public/private key signing process. The owners of the domain add a DNS entry with the public DKIM key which will be used by receivers to verify that the message DKIM signature is correct, while on the sender side the server will sign the entitled mail messages with the corresponding private key.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorised use. The main reason to implement DMARC is to protect a domain from being used in email compromise attacks such as phishing emails, email scams and other cyber threats that would involve spoofing an email address.

BIMI (Brand Indicators for Message Identification)

BIMI is a sender domain authentication which verifies a sender's brand information.
The most unique feature of BIMI is that it enables you to display your brand-controlled logo in supported inboxes. This allows recipients to identify the sender visually before they open emails.
The supported inbox providers are Yahoo and Google as of this writing. (Referece : BIMI Adoption – June 2020 from bimigroup.org)
BIMI relies on other authentication protocols such as SPF, DKIM and DMARC, so it's required to have those authentications set up to have BIMI. BIMI brand logo

Sample image source: Gmail app

Benefits of Using SPF, DKIM, DMARC & BIMI

When you add authentication information to your domain, an added benefit is that many ISPs use authentication to track sending reputation. With authentication handled by your domain, reputation with the receiving ISPs is influenced by your domain and the emails sent on behalf of your domain. This means you maintain control over the emails that affect deliverability for your domain. A positive reputation for your domain builds trust and improves deliverability, affecting whether your emails are caught by spam filters and how quickly the receiving servers will accept mail from your domain.

Configuring SPF, DKIM & DMARC

Click here to see instructions on how to configure SPF, DKIM & DMARC.

Setting up BIMI

Click here to see instructions on how to set up BIMI on your domain.