Email Authenticity 101: DKIM, DMARC, and SPF — Alex Blackie

2021-08-16

Password resets, two-factor codes, business secrets, private conversations… Email is at the centre of most of life and business, and so we must ensure it is trustworthy and authentic.

If you use email with your own domain, a lot of the burden of authenticity has suddenly shifted from your service provider to you. This guide will hopefully give you the information and practices you need to keep your domain's email authentic and less vulnerable to spoofing.

We'll cover the three major components of modern email domain security: DKIM for signing, SPF for sender verification, and DMARC for stricter enforcement of the other two. It is assumed the reader has a basic understanding of DNS and has experience using email with their own domain.

SPF, or Sender Policy Framework, is one of the most basic email verification technologies, and is the easiest and most common protection. Service providers will often give you the DNS record contents, which you simply copy and paste during setup.

