From a security perspective, it is crucial to encrypt communications with Email & Web servers. This helps to prevent man-in-the-middle attacks and keeps data from being easily viewed by hackers sniffing close to your network.
> Web Server Encryption
TLS (Transport Layer Security) - TLS & SSL alike operate by binding websites/organisations to crypto key pairs (public & private key). The public key is distributed, while the private key is always kept secure for verification purposes.
TLS is responsible for establishing encrypted links between your client machine & web server (https - Hypertext Transfer Protocol Secure). This helps to ensure that every session established is secure.
> Email Server Encryption
STARTTLS works by extending the TLS (Transport Layer Security) protocol, encrypting the data. This encryption is applied to email communication (protocols - IMAPS, POPS, SMTPS), which helps to ensure that every session established is secure.
SPF, DKIM & DMARC are methods that help prove your identity to recipient email servers. These 3 features help prove that you, the sender, are who you say you are.
With email filtering being prevalent, your email might not be delivered to recipients successfully without these features.
> SPF (Sender Policy Framework)
SPF is a DNS (type TXT) record that is added to your domain, specifying which server IP addresses or hostnames are allowed to send emails from the domain.
A hard fail (-all) is highly recommended, so that servers not listed in the SPF record are not allowed to send emails from the domain (their messages are rejected by the recipient email server).
> DKIM (DomainKeys Identified Mail)
DKIM is a DNS (type TXT) record that is added to your domain. Your email server signs your emails using its private key, and the signature is verified against the public key defined in the DNS record. This helps to ensure that your email remains uncorrupted.
> DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC is an email authentication method that allows your domain to indicate whether it is protected by SPF, DKIM or both. Its settings let you define the action to take if any of the authentication methods fails (e.g. to quarantine or reject the message).
DMARC also has a reporting feature, allowing recipient servers to report statistics on messages from the sender server.