SPF / DKIM

Technologies that authenticate email sender domains. DNS-based mechanisms essential for preventing spoofed and phishing emails.

Nov 29, 2025 · About 1 min read

Security

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are authentication technologies that verify whether an email's sending domain is legitimate. Both are configured via DNS records and help prevent email spoofing.

SPF works by declaring in DNS: "only these IP addresses are authorized to send email from this domain." The receiving server checks whether the sender's IP address is listed in the SPF record; if not, the email is flagged as potentially fraudulent.

DKIM attaches a digital signature to emails. The sending server computes a hash of the email's headers and body, then signs it with a private key. The receiving server verifies the signature using the public key published in DNS, confirming the email has not been tampered with.

For email marketing containing shortened URLs, SPF and DKIM configuration is especially important. As cases of shortened URLs being exploited for phishing increase, proving sender legitimacy through SPF/DKIM is essential for earning recipient trust. Emails without SPF/DKIM are far more likely to be caught by spam filters in Gmail and Outlook.

In addition to SPF and DKIM, configuring DMARC (Domain-based Message Authentication, Reporting and Conformance) lets you specify how to handle emails that fail authentication (reject, quarantine, or allow). Google mandated SPF/DKIM/DMARC for domains sending more than 5,000 emails per day starting February 2024. You can find related books on Amazon.

Share on X Hatena

Was this article helpful?

Related Terms

Phishing

A cyberattack that uses deceptive links and websites to trick users into revealing sensitive information.

DNS Resolution

The process of translating a human-readable domain name into the IP address of the server hosting the website.

HTTPS

The secure version of HTTP that encrypts data transmitted between a browser and a web server using TLS.

SSL/TLS

Cryptographic protocols that provide secure communication over the internet by encrypting data between client and server.

Man-in-the-Middle Attack

A cyberattack in which an attacker intercepts communication between two parties to eavesdrop on or tamper with data. HTTPS adoption has driven countermeasures forward.

API Rate Limit

A restriction on the number of API requests a client can make within a specified time period.

How to Spot and Prevent Phishing Attacks Using Short URLs

Learn to identify phishing attempts that exploit short URLs. Practical tips for protecting yourself and your organization from link-based scams.

Using Short URLs in Email Marketing - Boost Clicks and Track Results

Master the use of short URLs in email campaigns. Learn techniques for improving click-through rates, A/B testing, and measuring email marketing ROI.

Short URL Security Guide - Best Practices for Safe Link Sharing

A comprehensive guide to short URL security best practices. Understand the risks and learn how to share links safely and responsibly.

FAQ

Should I set up both SPF and DKIM?

Yes, setting up both is strongly recommended. SPF verifies the sender's IP address, while DKIM detects email content tampering. Since they serve different roles, using both maximizes security. Adding DMARC on top is ideal.

What happens if SPF/DKIM are not configured?

Your emails are far more likely to land in spam folders. Since February 2024, Gmail has required SPF/DKIM/DMARC for high-volume senders, and non-compliant emails may be outright rejected.

Is setting up SPF/DKIM difficult?

It requires adding DNS records, but if you use an email delivery service (SendGrid, Amazon SES, etc.), setup instructions are provided in the service dashboard. With basic DNS knowledge, configuration takes about 30 minutes.

Ready to create a short URL?

Shorten a URL for Free