MrTech Melbourne
All guides

Email

How SPF, DKIM and DMARC work together

The three pillars of business email authentication — what each does, how they align, and the order to implement them.

By Jason.YPublished 11 June 2026Updated 4 June 20265 min read
Need help with this? Talk to our Microsoft 365 team
SPF, DKIM and DMARC working together
01

SPF — who may send

SPF is a DNS TXT record listing mail servers allowed to send as your domain. Include Microsoft 365, your website form provider, CRM, and newsletter tool. End with -all when confident, or ~all while testing.

02

DKIM — message integrity

DKIM signs messages with a domain-aligned key. Alignment matters for DMARC: the signing domain should match the From address domain (strict alignment) or share the same organisational domain (relaxed).

03

DMARC — policy and reporting

DMARC tells receivers what to do when SPF or DKIM fail — none, quarantine, or reject — and where to send aggregate reports. Start at p=none, analyse reports for 2–4 weeks, then tighten.

04

Implementation order

Fix SPF and enable DKIM first, run DMARC at p=none with reporting, then move to quarantine and reject as legitimate senders authenticate. One broken marketing platform can cause false failures until it is fixed or excluded properly.

Related service

This is part of our Microsoft 365 service for Melbourne businesses.

Explore Microsoft 365

Try it now

Run the related tools

Common questions

What is the difference between SPF, DKIM and DMARC?

SPF authorises sending servers, DKIM signs messages, and DMARC sets policy when checks fail. Use all three together. See mrtechmelbourne.com/guides/spf-dkim-dmarc-together

Need a hand?

Run the tools. Then talk to us.

Use our free diagnostics to see what is wrong, then get Melbourne IT support for the fix.

Keep reading

More guides