SPF, DMARC, and DKIM
These three DNS records work together to stop people from forging email from your domain. SPF lists which mail servers are allowed to send for you. DKIM adds a cryptographic signature that proves a message really came from your domain and wasn't altered. DMARC ties them together and tells receiving servers what to do when a message fails - and where to send reports.
Why it matters at home
If you run a domain for family email, a small business, or a self-hosted
mail server, weak or missing records mean your legitimate mail lands in spam
and your domain can be spoofed. A healthy setup has SPF ending in
~all or -all, a DKIM signature, and a DMARC policy
of at least p=quarantine.
Want to inspect the raw DNS yourself? Use the DNS lookup tool and query the TXT records.