SPF or DMARC?
I have the practice to enable SPF, DMARC and DKIM in any domain that I come across. In the future, everybody should and eventually enabling this, but we are still not there because of the poor adoption. Enabling this will help any email domain to not marked as SPAM, of course, if you are using a domain to send SPAM, the domain will eventually end up on a blacklist and be marked as SPAM, even if you have all three authentications enabled.
Here are some tools that you can use to check if you already have them enabled:
SPF Validated: https://mxtoolbox.com/SuperTool.aspx
DKIM is validated: https://app.dmarcanalyzer.com/dns/dkim?simple=1
DMARC Inspector: https://dmarcian.com/dmarc-inspector/
Message Header Analyzer: https://testconnectivity.microsoft.com/MHA/Pages/mha.aspx
Message Header Analyzer (Outlook Mobile): https://appsource.microsoft.com/en-us/product/office/WA104005406
|What does it stands for?||Sender Policy Framework||DomainKeys Identified Mail||Domain-based Message Authentication, Reporting and Conformance|
|What is it?||A system to declare and verify who can send e-mails from a given domain||An e-mail authentication system based on asymmetric cryptographic keys.||An e-mail authentication system that helps determining what to do when messages fail SPF or DKIM checks.|
|How does it work?||The receiving host checks if the sending host is allowed to send e-mails from the sender domain.||The sending host signs email body and/or headers with its private key. The receiving host verifies the signature, identifying if the fields are intact.||The receiving hosts applies the DKIM and SPF checks. Then it validates the results against the published DMARC policy and decides what to do: Block, quarantine, deliver, report to sender.|
|The information stating who can send e-mails is stored on a TXT record in the DNS zone.||No digital certificate is required. Public key is published using DNS TXT records.||The DMARC policy is published via DNS TXT record.|
|Why is it important?||It helps preventing spoofing and can prevent damage to your brand.||Greatly reduces the chances that your messages are treated as spam by digital signature.||Helps receiving organization decide what to do with e-mails that fails checks and create a feedback loop to allow course correction.|
|Where can I learn more?||Sender Policy Framework||DomainKeys Identified Mail||Domain-based Message Authentication, Reporting & Conformance|
Here are some interesting articles:
Hope you find here the answers that you are looking for.