---
title: "What Is ADSP? Understanding Author Domain Signing Practices in DKIM | AutoSPF"
description: "Learn what ADSP (Author Domain Signing Practices) is, how it works with DKIM, its policy types, benefits, limitations, and why DMARC replaced it."
image: "https://autospf.com/og/blog/what-is-adsp-understanding-author-domain-signing-practices-in-dkim.png"
canonical: "https://autospf.com/blog/what-is-adsp-understanding-author-domain-signing-practices-in-dkim/"
---

Quick Answer

ADSP (Author Domain Signing Practices) is an extension of DKIM that lets domain owners publish whether their emails should always be DKIM-signed. Although largely replaced by DMARC, ADSP helped improve email authentication and reduce spoofing risks.

## Try Our Free DKIM Lookup

Auto-discover DKIM selectors for any domain.

[ Discover DKIM Selectors → ](/tools/dkim-lookup/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-adsp-understanding-author-domain-signing-practices-in-dkim%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=What%20Is%20ADSP%3F%20Understanding%20Author%20Domain%20Signing%20Practices%20in%20DKIM&url=https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-adsp-understanding-author-domain-signing-practices-in-dkim%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-adsp-understanding-author-domain-signing-practices-in-dkim%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-adsp-understanding-author-domain-signing-practices-in-dkim%2F&title=What%20Is%20ADSP%3F%20Understanding%20Author%20Domain%20Signing%20Practices%20in%20DKIM "Share on Reddit") [ ](mailto:?subject=What%20Is%20ADSP%3F%20Understanding%20Author%20Domain%20Signing%20Practices%20in%20DKIM&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fwhat-is-adsp-understanding-author-domain-signing-practices-in-dkim%2F "Share via Email") 

![ADSP DKIM policy overview](https://media.mailhop.org/autospf/spf-record-check-6422-1780386428619.jpg) 

Email remains one of the most widely used communication channels for businesses and individuals alike. However, the popularity of email has also made it a prime target for spoofing, phishing, and impersonation attacks. To address these challenges, several authentication protocols have been developed over the years. One of the lesser-known mechanisms associated with email authentication is [Author Domain Signing Practices (ADSP)](https://en.wikipedia.org/wiki/Author%5FDomain%5FSigning%5FPractices).

ADSP was created as an extension to DomainKeys Identified Mail (DKIM) and was designed to help receiving mail servers understand how a domain handles email signing. Although newer technologies such as [DMARC](https://autospf.com/10-reasons-for-regular-spf-record-checks-in-cybersecurity/dmarc-record-check/) have largely replaced it, ADSP played an important role in the evolution of email security and helped pave the way for more **advanced authentication frameworks**.

## Understanding ADSP

Author Domain Signing Practices, commonly referred to as ADSP, is an optional extension built on top of DKIM. Its primary purpose is to allow a domain owner to publish information about whether outgoing emails from their domain should contain a valid [DKIM signature](https://docs.mapp.com/docs/dkim-signature).

The concept behind ADSP is straightforward. A receiving mail server may encounter an email claiming to originate from a specific domain. _If the message lacks a DKIM signature, the recipient’s mail system can consult the domain’s ADSP policy to determine whether unsigned messages are expected or suspicious._

This additional layer of policy information helps [mail servers](https://www.cloudflare.com/learning/email-security/what-is-a-mail-server/) make better decisions when **evaluating email authenticity**.

## The Relationship Between ADSP and DKIM

To understand ADSP, it is important first to understand DKIM.

DKIM allows domain owners to digitally sign outgoing messages using [cryptographic keys](https://www.meegle.com/en%5Fus/topics/cryptography/cryptographic-keys). When a recipient receives the email, their mail server can verify the signature against the [public key](https://www.techtarget.com/searchsecurity/definition/public-key) published in DNS. **Successful verification confirms** that:![Spf Validator 3179](https://media.mailhop.org/autospf/spf-validator-3179-1780387062726.jpg)

- The message was authorized by the sending domain.
- The message content has not been altered after being sent.
- The sender’s domain is associated with the signature.

While [DKIM](https://autospf.com/dkim-record-generator-tool/) helps validate signed emails, it does not inherently explain how to handle messages that are not signed. ADSP was introduced to fill this gap by allowing domains to publish their signing expectations.

## Key Components of ADSP

### Author Address

The author address refers to the email address displayed in the “From” header of a message. This address is typically what recipients see when they receive an email.

For example:

**From:** [support@example.com](mailto:support@example.com)

In this case, the author domain is **example.com**.

ADSP focuses on the relationship between this visible [sender domain](https://docs.acquia.com/campaign-studio/add-ons/campaign-factory/sender-domains) and the DKIM signature associated with the message. _If a domain publishes an ADSP policy, receiving servers can evaluate whether the message complies with the domain’s declared signing practices._

### Author Domain Signature

An **author domain signature** is a DKIM signature that corresponds to the same domain appearing in the message’s From header.

When the signature aligns with the author domain, recipients gain greater confidence that the email genuinely originated from the claimed sender.

ADSP uses this information to determine whether a message adheres to the domain’s published policy.

## ADSP Policy Types

ADSP allows domain owners to declare one of several signing practices. _These policies communicate how email originating from the domain should be handled._

### 1\. Unknown

The **“unknown” policy** indicates that the domain does not make any specific statement regarding its signing practices.

Under this setting:

- Some messages may be signed.
- Some messages may be unsigned.
- Receiving servers should not make assumptions about missing signatures.

This option **provides flexibility for organizations** with varied email infrastructures or multiple sending sources.![Spf Permerror 4179](https://media.mailhop.org/autospf/spf-permerror-4179-1780387109693.jpg)

### 2\. All

The **“all” policy** informs recipients that every [legitimate email](https://www.usatoday.com/story/tech/2021/08/23/gmail-spam-filter-email-inbox-google/8242847002/) sent from the domain should include a valid DKIM signature.

If a message claiming to originate from the domain arrives without a valid signature, the receiving server may consider it suspicious.

This policy demonstrates a stronger commitment to **email authentication and consistency**.

### 3\. Discardable

The **“discardable” policy** is the strictest ADSP option.

It states that:

- All legitimate emails should be DKIM-signed.
- Messages lacking a valid signature are likely unauthorized.
- Recipients may safely reject or discard such emails.

This policy offers stronger **protection against spoofing attempts** but requires confidence that every legitimate mail source consistently signs outgoing messages.

## Publishing an ADSP Record

ADSP policies are published as [DNS TXT records](https://www.cloudflare.com/learning/dns/dns-records/dns-txt-record/). By placing a policy in DNS, domain owners make their signing expectations available to receiving mail servers.

A typical ADSP record follows this structure:

`_adsp._domainkey.example.com IN TXT "dkim=discardable"`

In this example:

- `_adsp._domainkey` identifies the ADSP policy location.
- `example.com` represents the sending domain.
- `dkim=discardable` specifies the selected signing practice.

Receiving mail systems can [query DNS](https://www.ioriver.io/terms/dns-query) to retrieve this information and apply the appropriate validation logic.

## Benefits of ADSP

_Although ADSP is no longer widely deployed, it introduced several valuable concepts to email authentication._ ![Spf Lookup 6227](https://media.mailhop.org/autospf/spf-lookup-6227-1780387168389.jpg)

- **Improved Sender Validation:** By publishing signing expectations, domain owners could provide additional context about their email practices, helping recipients distinguish between legitimate and potentially fraudulent messages.
- **Better Handling of Unsigned Emails:** ADSP gave receiving servers guidance when evaluating messages that lacked DKIM signatures, reducing uncertainty during the [authentication process](https://www.okta.com/identity-101/authentication/).
- **Enhanced Anti-Spoofing Protection:** Strict policies such as “discardable” allowed domains to signal that unsigned messages should not be trusted, making domain impersonation more difficult.
- **Greater Trust in Email Communications:** Organizations that consistently signed their messages and published ADSP policies could demonstrate a **stronger commitment to email security**.

## Challenges and Limitations of ADSP

_Despite its innovative approach, ADSP faced several practical limitations that restricted widespread adoption._

### Dependence on DKIM

ADSP only works when DKIM is implemented correctly. Organizations that lacked complete DKIM deployment could not fully benefit from ADSP policies.

### Complexity in Multi-Source Environments

Many organizations send email through multiple services, including:

- [Marketing platforms](https://www.indeed.com/career-advice/career-development/what-is-a-marketing-platform)
- CRM systems
- Support tools
- **Cloud email providers**

Ensuring every source consistently applied DKIM signatures proved challenging.

### Risk of Legitimate Email Rejection

**Strict ADSP policies** could cause legitimate emails to be rejected if a sending system failed to sign messages correctly.

### Limited Flexibility

As **email ecosystems** evolved, organizations required more sophisticated policy controls than ADSP could provide.

These limitations ultimately contributed to the industry’s transition toward more advanced authentication standards.

## Why DMARC Replaced ADSP

As email security requirements became more complex, DMARC emerged as a more **comprehensive solution**.

DMARC builds upon both [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/) and DKIM while introducing additional capabilities such as:

- [Domain alignment](https://mapp.com/blog/what-are-aligned-domains/) checks
- Reporting mechanisms
- Flexible policy enforcement
- Better visibility into authentication failures

Unlike ADSP, DMARC allows **domain owners** to receive detailed feedback about authentication results and provides clearer instructions to receiving mail servers on how to handle suspicious messages.

_Because of these advantages, DMARC has become the preferred standard for modern email authentication, while ADSP has largely faded from practical use._ ![Spf Flatterning 7235](https://media.mailhop.org/autospf/spf-flatterning-7235-1780386942941.jpg)

## ADSP’s Legacy in Email Security

Although ADSP is no longer considered a **mainstream authentication mechanism**, it remains an important milestone in the development of email security technologies. The protocol introduced the idea of publishing domain-level signing expectations and highlighted the importance of policy-based email authentication.

Many of the lessons learned from ADSP influenced the design and adoption of DMARC, which now serves as the industry standard for **protecting domains** against [spoofing and phishing attacks](https://www.msspalert.com/brief/novel-usps-spoofing-phishing-attack-relies-on-malicious-pdfs).

## Final Thoughts

Author Domain Signing Practices (ADSP) was **developed to complement DKIM** by allowing domains to publish information about their email signing requirements. _Through policies such as unknown, all, and discardable, ADSP helped receiving mail servers make informed decisions when evaluating unsigned messages._

While ADSP offered valuable improvements over standalone DKIM implementations, its limitations and lack of flexibility led to the rise of DMARC as a more robust and scalable solution. Today, organizations seeking strong email authentication and **anti-spoofing protection** typically focus on SPF, DKIM, and DMARC rather than ADSP. Nevertheless, understanding ADSP provides useful historical context for anyone interested in the evolution of [email security](https://autospf.com/) and authentication standards.

![Brad Slavin](https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for AutoSPF's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Ready to get started?

Try AutoSPF free — no credit card required.

[ Book a Demo ](/book-a-demo/) 

## Related Articles

[  Intermediate 6m  10 Reasons Why DIY-ing SPF isn’t a Good Choice for Companies  Apr 4, 2024 ](/blog/10-reasons-diy-ing-spf-isnt-good-choice-for-companies/)[  Intermediate 5m  The 12.4 billion shield for your email communications: Why DMARC software is the unsung hero in the war against phishing actors!  Nov 19, 2025 ](/blog/12-4-billion-dmarc-software-shield-protecting-email-from-phishing-actors/)[  Intermediate 3m  3 points to consider before setting your SPF record to -all (HardFail)  May 22, 2025 ](/blog/3-points-to-consider-before-setting-your-spf-record-hardfail/)[  Intermediate 3m  5 key contributors to the development of the Sender Policy Framework  Nov 12, 2024 ](/blog/5-key-contributors-to-sender-policy-framework-development/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"What Is ADSP? Understanding Author Domain Signing Practices in DKIM","description":"Learn what ADSP (Author Domain Signing Practices) is, how it works with DKIM, its policy types, benefits, limitations, and why DMARC replaced it.","url":"https://autospf.com/blog/what-is-adsp-understanding-author-domain-signing-practices-in-dkim/","datePublished":"2026-06-02T00:00:00.000Z","dateModified":"2026-06-02T00:00:00.000Z","dateCreated":"2026-06-02T00:00:00.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://autospf.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind AutoSPF, DMARC Report, Phish Protection, and Mailhop. He founded DuoCircle in 2014 to solve the SPF 10-DNS-lookup problem at scale and has led the company's growth to 2,000+ customers. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement) rather than hands-on DNS engineering.","image":"https://media.mailhop.org/autospf/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/what-is-adsp-understanding-author-domain-signing-practices-in-dkim/"},"articleSection":"intermediate","keywords":"","image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/spf-record-check-6422-1780386428619.jpg","caption":"ADSP DKIM policy overview"},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://autospf.com/intermediate/"},{"@type":"ListItem","position":4,"name":"What Is ADSP? Understanding Author Domain Signing Practices in DKIM","item":"https://autospf.com/blog/what-is-adsp-understanding-author-domain-signing-practices-in-dkim/"}]}
```