Free Domain Health Check

Understanding Email Authentication

Email security relies on multiple layered protocols. The three essential protocols (MX, SPF, DKIM, DMARC) form the foundation, while BIMI, MTA-STS, and TLS-RPT are recommended enhancements that add brand visibility and transport encryption.

1. 1
   MX Records Essential

   Routes email to your servers. MX records define which mail servers accept email for your domain.

2. 2
   SPF Essential

   Declares authorized sending IPs. SPF records tell receivers which servers are allowed to send email as your domain.

3. 3
   DKIM Essential

   Cryptographically signs messages. DKIM proves emails haven't been tampered with in transit.

4. 4
   DMARC Essential

   Policy + reporting when SPF/DKIM fail. DMARC tells receivers what to do with unauthenticated messages.

5. 5
   BIMI Recommended

   Brand logo in email clients. BIMI requires DMARC enforcement and displays your logo next to authenticated emails.

6. 6
   MTA-STS Recommended

   Enforces TLS for inbound delivery. MTA-STS prevents TLS downgrade attacks during email transport.

7. 7
   TLS-RPT Recommended

   Reports TLS connection failures. TLS-RPT gives you visibility into whether senders can establish encrypted connections.