Identity Assurance

Mail Config

Prevent hackers from sending fake emails from your domain. SPF, DKIM, and DMARC are the "Passport Control" for your business communications.

Audit My Email

Scan DNS for authentication records

01 Stopping the Spoofers

Email was never designed to be secure. By default, anyone can send an email and put your address in the "From" field. Mail configuration records (SPF, DKIM, DMARC) are the technologies we use to prove that an email actually came from you.

02 The "Notarized Letter" Analogy

Imagine your business is sending an important legal document by mail:

SPF
The "Approved Senders List." It tells the post office which delivery trucks are allowed to carry your mail.

DKIM
The "Digital Seal." It's a unique wax seal on the envelope that breaks if anyone tries to change the contents.

DMARC
The "Instruction Manual." It tells the recipient what to do if the truck isn't approved or the seal is broken.

03 The Big Three (How they work)

SPF (IP Check)

The Gatekeeper

A TXT record that lists every IP address or service (like Gmail or Mailchimp) authorized to send email for you.

DKIM (Signature)

The Authenticator

Adds a cryptographic signature to your emails. If even one letter in the email is changed, the signature becomes invalid.

DMARC (Policy)

The Boss

Tells receiving servers to either 'Do Nothing', 'Quarantine' (spam), or 'Reject' (delete) emails that fail authentication.

04 Why it matters for business

Without proper config, your legitimate business emails (invoices, support, newsletters) will likely land in your customers' Spam Folder.

Phishing Risks: Without DMARC, a hacker can send an email to your employees pretending to be the CEO, asking for a wire transfer. If you don't have a reject policy, that fake email will look 100% real.

05 Securing Your Email

Fixing your email configuration is a high-impact, low-cost security win:

1. Inventory your senders

Make a list of every service that sends email for you (Gmail, Mailchimp, Zendesk, etc.).

2. Update DNS Records

Add the correct SPF, DKIM, and DMARC TXT records to your domain settings. Most providers give you these for free.

3. Monitor Feedback

DMARC can send you "Reports" showing you exactly who is trying to spoof your domain. Use a tool like Postmark or Cloudflare to read these reports.

Verification is easy! Use our homepage scanner. If we don't find these records, we'll tell you exactly what's missing.

06 Frequently Asked Questions

Do I need all three: SPF, DKIM, and DMARC?

Yes! They work together. SPF identifies the server, DKIM proves the content hasn't been changed, and DMARC tells the receiver what to do if the first two fail.

Why are my emails still going to spam?

Authentication is just one factor. Your reputation (Blacklists), the quality of your content, and whether you've been flagged by users also matter.

What is the 'v=DMARC1; p=reject' policy?

This is the strictest policy. It tells other servers: 'If an email claiming to be from me fails authentication, delete it immediately. Do not even put it in the spam folder.'

Can I set this up without a developer?

If you have access to your DNS settings (Cloudflare, GoDaddy, etc.), most email providers like Google Workspace or Microsoft 365 provide copy-paste records you can add yourself.

Protect Your Inbox

Make sure your emails are trusted and delivered.

Audit My Mail Config