What’s the difference between authentication and encryption?

Authentication verifies sender identity: confirming the message actually came from the sender it claims. SPF, DKIM, and DMARC are authentication protocols that prevent **impersonation** and **spoofing**.

Encryption protects message confidentiality: ensuring only intended recipients can read content. **TLS** encrypts transmission between servers; **S/MIME** and **PGP** encrypt end-to-end so even servers can't read messages.

The two serve different purposes. Authentication answers "who sent this?" Encryption answers "who can read this?" You can have authenticated messages without encryption (verified sender, readable by intermediaries) or encrypted messages without authentication (private content, uncertain sender). Comprehensive security uses both.
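The two questions can be checked separately on a received message. The following is an added example, not code from the original page: it reads the authentication verdicts from the `Authentication-Results` header and the encryption indicators from the `Received` and `Content-Type` headers. The sample messages, the receiving server name `mx.example.net`, the function names, and the choice to treat `dmarc=pass` as "authenticated" are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Constructed sample: sender verified, TLS on the last hop, body readable by servers.
AUTH_ONLY = (
    "Received: from mail.example.org by mx.example.net with ESMTPS id 1\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.org;\n"
    " dkim=pass header.d=example.org; dmarc=pass header.from=example.org\n"
    "From: alice@example.org\nContent-Type: text/plain\n\nhello\n"
)
# Constructed sample: PGP/MIME ciphertext, no verdict from our own receiver.
ENC_ONLY = (
    "Received: from relay.example by mx.example.net with ESMTP id 2\n"
    "Authentication-Results: other.example; dmarc=pass\nFrom: alice@example.org\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"\n'
    "\n--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n--b--\n"
)

def authentication(msg, authserv_id):
    """SPF/DKIM/DMARC verdicts, read only from our own server's header (RFC 8601)."""
    verdicts = dict.fromkeys(("spf", "dkim", "dmarc"), "none")
    for header in msg.get_all("Authentication-Results", []):
        ident, _, rest = header.partition(";")
        if ident.strip().lower() != authserv_id.lower():
            continue  # anyone upstream can add this header; trust only ours
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = verdict.lower()
    return verdicts

def tls_on_last_hop(msg):
    """True if the newest Received header reports SMTP/LMTP over TLS (RFC 3848)."""
    hops = msg.get_all("Received", [])
    return bool(hops) and bool(re.search(r"\bwith\s+(ESMTPSA?|LMTPSA?)\b", hops[0], re.I))

def end_to_end_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or S/MIME enveloped content."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        return True
    smime_type = str(msg.get_param("smime-type", "")).lower()
    return ctype == "application/pkcs7-mime" and "enveloped-data" in smime_type

def classify(raw, authserv_id="mx.example.net"):
    msg = message_from_string(raw)
    return {
        "authenticated": authentication(msg, authserv_id)["dmarc"] == "pass",
        "tls_last_hop": tls_on_last_hop(msg),
        "end_to_end": end_to_end_encrypted(msg),
    }
```

The TLS check describes only the final hop as recorded by the receiving server; earlier hops may have been unencrypted, which is why transport encryption is not a substitute for S/MIME or PGP.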