Anti-Spoofing

Update (January 2026): The email authentication requirements discussed in this post are now strictly enforced. Gmail and Yahoo began full enforcement in late 2025, and Microsoft joined in May 2025. SPF, DKIM, and DMARC are no longer optional for bulk senders - they’re required for reliable email delivery. After writing my DMARC Reports: Your Secret Weapon Against Domain Fraud (And How to Read Them) post, I realized that I hadn’t really looked at SPF and DKIM records too much. I had read how you could be protecting your brand from email spoofing with SPF and DKIM records but hadn’t explored them very much. I figured that it made more sense to dig a little deeper into what SPF and DKIM records are as well as how they work. ...

Update (January 2026): Since this post was originally written, Gmail and Yahoo’s DMARC requirements have moved from warning to full enforcement. As of November 2025, Gmail actively rejects non-compliant emails from bulk senders. Microsoft also joined in May 2025, requiring DMARC for senders of 5,000+ daily emails to Outlook.com, Hotmail, and Live.com. If you haven’t set up DMARC yet, now is the time - your emails may already be getting rejected. ...