Plain-English explainers for every protocol PhishFence helps you operate. Each guide covers what the protocol does, how to set it up, common pitfalls, and links to the right tool.
DMARC tells receiving mail servers what to do when an inbound message claims to be from your domain but fails both SPF and DKIM authentication checks.
SPF lists which servers are authorised to send email on behalf of your domain. Receivers check the inbound IP against your SPF record and accept or flag the message accordingly.
DKIM cryptographically signs every outbound message with a private key; receivers verify the signature against your public key in DNS. The signature survives forwarding, unlike SPF.
ARC lets a forwarder vouch for the authentication state of a message it received, so the next hop can trust the upstream verdict even when SPF and DKIM are broken by forwarding.
BIMI lets receivers display your brand logo next to authenticated messages in the inbox. Requires DMARC at p=quarantine or p=reject.
MTA-STS forces sending servers to use TLS when delivering mail to your domain, blocking downgrade attacks that would otherwise let an attacker intercept inbound mail in plaintext.
TLS-RPT asks sending servers to send you daily aggregate reports of every TLS failure they hit when delivering mail to your domain. The visibility complement to MTA-STS.
DANE pins a hash of your TLS certificate in DNS via TLSA records. Receivers can then validate the cert without trusting public Certificate Authorities — the DNSSEC chain is the trust anchor.
ARF is the standardised email format mailbox providers use to report abuse and authentication failures back to senders. The structured payload that powers DMARC's ruf= reports.
DNSSEC adds cryptographic signatures to DNS responses so resolvers can verify the data wasn't tampered with in transit. Foundation for DANE, MTA-STS, and trust in DNS-published security policies.
PhishFence implements all of these protocols for monitored domains: continuous DMARC reporting, SPF + DKIM auditing, MTA-STS enforcement guidance, BIMI checks, and lookalike-domain monitoring on top.