In this recipe, you configure Domain-based Message Authentication, Reporting & Conformance (DMARC) to perform incoming email authentication with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) checking.
SPF compares the client IP address to the IP address of the authorized senders in the DNS record. If the test fails, the email is treated as spam.
DKIM allows FortiMail to check for DKIM signatures for incoming email with the domain keys for the protected domains. DKIM may also be configured to sign outgoing email, but is outside the scope of this recipe.
This recipe covers how to enable SPF, DKIM, and DMARC checking on FortiMail to check incoming email.
For more information about these email authentication protocols, see the FortiMail Administration Guide.