What do SPF, DKIM, and DMARC actually do?
SPF publishes which servers are allowed to send email as your domain. DKIM adds a cryptographic signature so a receiver can confirm the message was not altered in transit and genuinely came from an authorised sender. DMARC ties the two together and tells receiving servers what to do when a message fails both — and sends you reports on who is trying to spoof you.