Fix email. Stop phishing. Protect your brand.

Learn Who’s Really Sending Email on Your Behalf

Agari protects the inboxes of the world’s largest organizations from the #1 cyber security threat of email attacks, including phishing, spear phishing, and brand impersonation.

Request your free trial to gain immediate visibility into your email channel and discover:

  1. Overall authentication trends
  2. Phishing campaigns using your domains
  3. Unprecedented visibility into your email streams and email claiming to come from your domains  
  4. Recommendations to improve email deliverability and security

Request your free trial today and an Agari email security expert will help quick-start your journey to protect your organization from advanced email threats.


Request a Free Trial

Thank you!
Cloud security solution

“Agari differentiates from existing tools by combining behavioural analytics and anomaly recognition with the company’s insight into trusted email communications to enrich the context of defence against malicious messages — often the first line of defence against a targeted attack.”

If you do anything more advanced with email than hitting “Send” in Gmail then you should care about deliverability, which is the likelyhood that your email will end up in your intended recipient’s inbox instead of their spam folder.

In the last few years three technologies have emerged that help you as a sender work with receiving mail servers to ensure that your mail gets where it needs to be. They are

Sender Policy Framework (SPF)
DomainKeys Identified Mail (DKIM)
Domain-based Message Authetication, Reporting, and Conformance (DMARC)

All three of these are implemented using DNS TXT records, so we’ll be using the dig utility to explore them. If you don’t know much about DNS, or just want a refresher, check out my article DNS: The Good Parts. Briefly, a TXT record lets you associate a bit of text with a DNS name. A DNS name can have more than one record associated with it, so you could have one or more A records, an MX record, and one or more TXT records all associated to The one thing you can’t do is mix CNAMEs with other types, which I talk about in depth in DNS: The Good Parts.

Together, SPF, DKIM, and DMARC control which servers can send as your domain (SPF), authenticate a message, proving that you sent it (DKIM), and instruct recipients what to do if one or both of those checks fail (DKIM). Combined they’re a powerful tool for improving and maintaining your deliverability. Let’s dive into each one of them a little.