Q: What are spoofing, SPF, DKIM and DMARC?
A: Spoofing is quite easy. Many systems let the sender change how the name and email address are displayed on a sent email, as well as the reply-to address. This has ordinary uses: for example, you may want to send an email from your own address but have it appear as events@ or info@, and have replies go to a different address. Because it is easy to use in normal business practice, it is just as easy to use in cybercrime, and using this method to misrepresent another entity online is called 'spoofing'.
The Sender Policy Framework (SPF) is a technical standard and email authentication technique that helps protect email senders and recipients from spam, spoofing, and phishing by ensuring that emails have originated only from the places they are genuinely allowed to come from. Sometimes this is just the email and web server, but sometimes several servers need authorised access to send for the domain, such as a web server and a separate Exchange email server.
DKIM provides a cryptographic key and digital signature that verify that an email message was not forged or altered, by authenticating the email headers against the domain's DNS records.
DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Currently, we usually stop at DKIM to avoid false positives and ensure successful mail delivery.
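
A defensive check for the signals described above, as an added example that is not part of the original FAQ: it flags a display name or Reply-To that points at a different domain than the From address, and reads the SPF, DKIM and DMARC verdicts from the `Authentication-Results` header. The sample message, the example.* domains and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims example.com, replies go elsewhere.
SAMPLE = (
    'From: "Events Team" <events@example.com>\n'
    "Reply-To: billing@example.net\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.org;"
    " dkim=pass header.d=example.org; dmarc=fail header.from=example.com\n"
    "Subject: Invoice\n\nHello\n"
)

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].strip().lower() if "@" in address else ""

def auth_results(msg):
    """Collect method=result pairs (spf, dkim, dmarc) from Authentication-Results."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for clause in header.split(";")[1:]:  # first field is the verifier's name
            tokens = clause.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results.setdefault(method.lower(), result.lower())
    return results

def spoofing_indicators(raw):
    """Return human-readable findings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []
    # Display name that itself looks like an address from another domain.
    if domain_of(name) and domain_of(name) != from_dom:
        findings.append(f"display name shows {domain_of(name)}, address is {from_dom}")
    # Replies routed to a different domain than the visible sender.
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results stamped by your own receiving server.
    results = auth_results(msg)
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method, "none") != "pass":
            findings.append(f"{method}={results.get(method, 'none')}")
    return findings

if __name__ == "__main__":
    for finding in spoofing_indicators(SAMPLE):
        print(finding)
```

A mismatched Reply-To is also normal in legitimate mail, as the answer notes, so treat these findings as signals to weigh together with the authentication verdicts rather than as proof of spoofing.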