SPF (sender policy framework), DKIM (domain keys identified mail) and DMARC (domain message authentication reporting and conformance) are sender authentication mechanisms that use DNS.

DKIM is a standard for signing email messages so that the recipient can verify the sender's email address. This allows recipient mail servers to detect sender address forgery, which is often used by spammers to avoid sender domain blacklists.

Signing is done with a private key on the sender's server, which matches a public key added to in the sender's DNS domain. The recipient can lookup this key at the domain in the From address, and use it to ensure that the email signature was created using the corresponding private key, which proves that the message was really sent from that domain.

DKIM Test Tool: https://mxtoolbox.com/dkim.aspx

DMARC Test Tool: https://mxtoolbox.com/DMARC.aspx

A very useful test is to send a message from the domain under test to a Gmail address. Once the message is received in Gmail, perform a Show Original to view the message headers.

https://www.virtualmin.com/documentation/email/dkim

https://wiki.zimbra.com/wiki/Configuring_for_DKIM_Signing

https://wiki.zimbra.com/wiki/Best_Practices_on_Email_Protection:_SPF,_DKIM_and_DMARC