Learn about DMARC, SPF, and DKIM

Welcome to DMARCPal's Learn blog. Check our posts to discover and learn more about DMARC, SPF, DKIM, and how to get the most value out of your DMARCPal subscription.

If email from a perfectly legitimate system suddenly starts landing in spam (or bouncing), it usually isn't because "deliverability is mysterious".

It's because mailbox providers have been steadily raising the floor for what counts as a well-behaved sender.

This isn't just about inbox placement,...

“Apex domain” is one of those phrases that sounds more exotic than it is.

In day-to-day DNS work, the apex is simply the top name of the zone being edited. If the DNS zone is example.com, then the apex is example.com itself (sometimes shown as @ in DNS dashboards). If the zone is news.exa...

If you've ever stared at a DMARC report thinking "but SPF is passing... why is DMARC failing?", you've already met identifier alignment.

Alignment is one of those things that sounds like an academic detail until it bites you in production. Then it becomes the entire story.

In DMARC terms, what...

We’ve seen this happen to a few domains hosted on Google Workspace: DKIM is properly set up on the domain, email is okay, and DMARC passes.

All seems fine, except that DKIM is not authenticating emails “From” the user domain.

Because Gmail works, people think that DKIM is doing the right th...

DKIM is short for DomainKeys Identified Mail. It is a mechanism to verify that core parts of an email message, such as its body and the “From” and “Subject” lines, are authentic and haven’t been tampered with while the email was in transit.

So when you send an email using...