Email relies on multiple DNS record types beyond MX. SPF, DKIM, and DMARC work together with MX records to route, authenticate, and protect email.
MX for Routing
MX records handle the "where"—directing incoming email to mail servers. They're queried by sending servers to find delivery destinations. Without correct MX records, email doesn't arrive. MX records only affect incoming mail—outgoing mail uses different mechanisms.
SPF for Sender Authorization
SPF (Sender Policy Framework) is a TXT record listing IPs authorized to send email for your domain. Receiving servers check if the sending IP matches SPF. This prevents spoofing—someone pretending to send from your domain. SPF is checked on the "envelope from" address.
DKIM for Message Integrity
DKIM (DomainKeys Identified Mail) adds cryptographic signatures to emails. A TXT record contains the public key. Receiving servers verify signatures weren't altered in transit. DKIM proves the message content is authentic and unchanged.
DMARC for Policy
DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receivers what to do when SPF or DKIM fail: reject, quarantine, or deliver anyway. DMARC also provides reporting on authentication results. It ties SPF and DKIM together into a cohesive policy.