What is the correct order for SPF, DKIM, and DMARC checks?
Summary
What email marketers say (6 marketer opinions)
Email marketer from Proofpoint notes that, conceptually, SPF and DKIM need to be evaluated first to generate an authentication result that DMARC can then act upon, dictating how to treat the message. They didn't specify the order, but it is implicit.
Email marketer from Reddit explains that first SPF should check the sender's IP, then DKIM will verify whether the message has been tampered with, then DMARC builds upon these protocols and checks for alignment. Only after these verifications will DMARC define what happens to emails that fail authentication.
Email marketer from StackOverflow explains that DMARC builds on SPF and DKIM. DMARC specifies how email receivers should handle messages that fail SPF and DKIM authentication checks. So SPF and DKIM authentication checks must be completed before the DMARC checks.
Email marketer from SparkPost explains that SPF authenticates the sender's IP address, DKIM verifies the message's integrity using a digital signature, and DMARC builds upon these by providing a policy for handling authentication failures and reporting mechanisms.
Expert from Email Geeks recommends advising the client to find a different vendor because DMARC has to come after the other two (SPF and DKIM) or at the very least after one of the other two.
Email marketer from Mailjet shares that the typical flow involves SPF checking the sender's IP, followed by DKIM verifying the message signature. DMARC then uses the results of both to enforce policies and provide feedback to the sender.
What the experts say (5 expert opinions)
Expert from Email Geeks explains that SPF can be checked at connection, before data is transmitted. DKIM MUST be checked after data, and DMARC cannot be checked until after the data is transmitted and DKIM is checked.
Expert from Spamresource explains that DMARC builds on SPF and DKIM to enhance security. It provides a policy that tells recipient mail servers what to do with messages that fail SPF and DKIM checks, and gives a reporting mechanism.
Expert from Spamresource clarifies that SPF authenticates the server, DKIM verifies message content hasn't been altered, and DMARC then provides instruction about what action should be taken if DKIM/SPF tests fail.
Expert from Word to the Wise shares that SPF and DKIM need to come first. Once you’ve got at least one or both of those working, then you can implement DMARC, which specifies how email receivers should handle messages that fail SPF and DKIM authentication checks.
Expert from Email Geeks states that it is possible to pass DMARC without validating DKIM if SPF passes, as you wouldn't need to inspect the message body for DKIM.
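The ordering the experts describe (SPF result known at MAIL FROM, DKIM only after DATA, DMARC last and able to pass on an aligned SPF result alone) can be modelled as a small receiver-side evaluation. The following is an added example, not code from any of the cited sources; the record parser, the organizational-domain approximation and the sample results are constructed for illustration.

```python
# Added example: simplified DMARC evaluation as a receiver would run it after
# SPF (decided at MAIL FROM) and DKIM (decided after DATA) have produced results.
# Real receivers also handle sp=, pct=, local policy overrides and reporting.

def parse_dmarc_record(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    """Crude organizational-domain approximation (last two labels).
    A production implementation consults the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organizational domain as the RFC5322.From domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate_dmarc(from_domain, spf, dkim, policy):
    """from_domain: domain of the From: header (known only after DATA).
    spf:    (result, MAIL FROM domain) produced before the message body arrived.
    dkim:   list of (result, d= domain) per signature, verified after DATA.
    policy: parsed DMARC record of the From: domain.
    Returns (dmarc_result, disposition). DMARC passes if at least one of the
    two mechanisms passed *and* its identifier is aligned; a passing, aligned
    SPF result is enough on its own, as the expert above describes."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, from_domain, policy.get("adkim", "r"))
                  for res, d in dkim)
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy.get("p", "none")

if __name__ == "__main__":
    # Constructed case: SPF passed and aligned, no DKIM signature present.
    pol = parse_dmarc_record("v=DMARC1; p=reject; aspf=r")
    print(evaluate_dmarc("example.com", ("pass", "example.com"), [], pol))
```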
What the documentation says (4 technical articles)
Documentation from Google explains that DMARC leverages SPF and DKIM to determine the authenticity of an email. It specifies how recipient mail servers should handle messages that fail SPF and DKIM checks.
Documentation from AuthSMTP answers states that when an email is sent, SPF checks the sender's IP address, DKIM verifies the message's digital signature, and DMARC uses the results of both to enforce policies and provide feedback.
Documentation from DMARC.org clarifies that DMARC relies on SPF and DKIM to authenticate email senders. It uses the results of these checks to apply policies defined by the domain owner, such as quarantining or rejecting unauthenticated messages.
Documentation from Microsoft details that SPF, DKIM, and DMARC work together to provide email authentication. SPF validates the sending mail server, DKIM verifies the message integrity, and DMARC dictates policy based on SPF and DKIM results.