Why do we put SPF, DKIM and DMARC standards in place to protect your business?

Every year, more and more individuals and businesses fall victim to phishing, identity theft and other email-related attacks. Small, medium and large companies get targeted, and the consequences can sometimes be disastrous. To protect customers against cyberattacks, our OVHcloud email solutions include Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Compliance (DMARC) [C1] protocols as standard. In addition to improved security, these standards bring many advantages, such as improved email deliverability.

Find out how implementing SPF, DKIM and DMARC standards helps protect your business.

Why use SPF, DKIM and DMARC

Identity theft, phishing and ransomware are becoming increasingly common. Since emails remain one of the most widely-used formats for this type of cyberattack, your business will inevitably come across this type of nuisance sooner or later. Without protection, the consequences may be huge for your business:

  • data theft
  • demands for a ransom
  • Identity theft of your customers or suppliers
  • damage to your brand image and domain names

SPF, DKIM and DMARC remain the most widely used solutions to protect your email system against these threats. Installing these protocols on your email servers will also greatly increase your legitimacy when you send emails, proving your identity to your recipients and greatly improving your deliverability.

What is SPF?

The Sender Policy Framework (SPF) is a standard for linking a domain name to the sender’s address, thus reducing the risk of spoofing. With SPF, you can set the IP addresses authorised to send emails for the domain in question.

How does SPF work?

SPF works in part as a “trusted list” for emails.

As the owner of a domain name, you can specify which email servers are allowed to send emails on your behalf. When a recipient receives an email, they can check the list to ensure that the sender is authorised by the domain to send emails on their behalf.

In short, SPF helps ensure that only legitimate email servers are allowed to use a specific domain name to send emails.

What are the advantages of SPF?

By including the SPF protocol in your email solutions, OVHcloud helps you to:

  • improve your deliverability
  • boost your domain’s reputation
  • reduce spam
  • protect yourself against fraud and spam
  • comply with standards-setting bodies

What is DKIM?

DKIM (Domain Keys Identified Mail) is a standard for authenticating the sender’s domain name. This technology uses encryption to add a signature to an email. In addition to proving that the domain name has not been spoofed, DKIM helps ensure that the message has not been altered in transit.

How does DKIM work?

DKIM is similar to a digital signature. When an email is sent, DKIM adds the equivalent of a validation “seal”. When the email reaches the receiving server, it checks the authenticity of this digital “stamp” to ensure that it has not been tampered with during transmission. If the digital signature is authentic, then the email is delivered to the recipient.

What are the advantages of DKIM?

By including DKIM in its email solutions, OVHcloud helps you to:

  • authenticate yourself when sending emails
  • improve your deliverability
  • ensure the integrity of your data
  • comply with standards-setting bodies

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting and Compliance) is a security policy protocol based on SPF and DKIM. DMARC allows the sender to specify what to do and what actions to take when emails fail the authentication tests.

How does DMARC work?

DMARC acts as the “referee”. It allows the domain manager to receive notifications if the authentication tests fail, and to specify the procedure to follow if this happens. If a recipient receives an unauthenticated email from a domain name, they can consult the DMARC protocol to take action. They can reject the fraudulent email, for example, or mark it as suspicious. This makes it easier to get alerts about identity theft, so that you have more control when managing your domain.

DMARC domain-based message authentication, reporting and compliance

What are the advantages of using DMARC?

By including DMARC in its email solutions, OVHcloud allows you to:

  • receive detailed reports on attacks linked to your domain
  • ensure the authenticity of emails from your domain name
  • improve your domain and brand reputation
  • comply with standards-setting bodies


While there are other standards, SPF, DKIM and DMARC remain the top three solutions for protecting your email system. These protocols increase your deliverability, reduce the risks of phishing and fraud, and improve your domain name’s reputation, improving your brand image as a result. What’s more, major email providers such as Google or Microsoft also use SPF, DKIM and DMARC. From a standardisation standpoint, it is therefore beneficial to you to adopt these protocols. That’s why OVHcloud implements these standards on its email solutions.

Need help?


fabien bouvet
Fabien Bouvet
OVHcloud | + posts

After ten years in web and mobile development, I’m now a technical writer and web redactor for OVHcloud.