What Is SPF, DKIM, and DMARC?
SPF, DKIM, and DMARC are three complementary email authentication standards that prevent email spoofing. SPF (Sender Policy Framework) specifies which servers can send email for your domain. DKIM (DomainKeys Identified Mail) adds a cryptographic signature so receivers can verify that emails were not tampered with. DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers how to handle emails that fail SPF/DKIM checks.
In Laravel Applications
Laravel applications that send email (password resets, notifications, marketing) need proper SPF, DKIM, and DMARC records. Without them, your emails may be marked as spam, and attackers can spoof emails from your domain to phish your users.
Example
Without DMARC, an attacker sends emails from admin@yourapp.com to your users asking them to reset their password on a fake login page. The emails appear legitimate because there is no policy telling receivers to reject them.
Related Terms
DNS Security
The practice of protecting Domain Name System infrastructure from attacks and misconfigurations. DNS security includes preventing cache poisoning, unauthorized zone transfers, subdomain takeovers, and ensuring proper email authentication (SPF, DKIM, DMARC).
Phishing
A social engineering attack where an attacker impersonates a trusted entity to trick victims into revealing sensitive information (credentials, financial data) or performing harmful actions (clicking malicious links, downloading malware). Phishing typically occurs via email but also through SMS, phone calls, and fake websites.