SPF stands for “Sender Policy Framework” and is basically a way to ensure that emails aren’t forged (spoofed) by listing where your emails are allowed to come from. The problem it addresses is that anyone with their own mail server can send an email that looks like it came from any email address.
So, how does your mail server make sure that an email from your bank is legit? It checks the IP address of the sending mail server against what is listed in the sending domain’s “SPF record”, which is a type of DNS record. If it doesn’t match, the email could be rejected completely, rather than just being marked as junk/spam.
Usually, your email provider will give directions to set up the SPF record as part of the DNS setup for your email. Some IT people overlook this step, not realizing its importance, so it’s always a good idea to validate that your SPF record is working by using this SPF Record Testing Tool (just the first test is usually enough to verify).
DKIM records are of secondary importance to SPF records, and basically do the same thing, which is to ensure that emails aren’t forged. The difference is that with DKIM a digital signature is added to your emails, in a hidden part of the email called the “headers”. The receiving email server can check this signature against what is listed in your DNS records.
For example, we use Zoho for our email, and so our SPF and DKIM records look like the screenshot below.