What are DKIM, SPF, and DMARC in email security?

Answer

SPF, DKIM, and DMARC are three DNS-based email authentication standards that together prevent email spoofing and phishing.

SPF (Sender Policy Framework): a DNS TXT record listing which IP addresses and mail servers are authorized to send email for a domain. Receiving servers check whether the sending IP is in the SPF record.

DKIM (DomainKeys Identified Mail): the sending server cryptographically signs emails with a private key, and the receiving server verifies the signature using the public key published in DNS. A valid signature proves the email was sent by the domain owner and wasn't modified in transit.

DMARC (Domain-based Message Authentication, Reporting, and Conformance): builds on SPF and DKIM, allowing domain owners to specify what to do with emails that fail SPF/DKIM checks (none/quarantine/reject) and to receive reports. DMARC with p=reject prevents attackers from spoofing your domain in phishing emails.

All three should be configured for any domain that sends email.