Setting Up SPF, DKIM, and DMARC

The three DNS records every sending domain needs for email deliverability.

SPF, DKIM, and DMARC are DNS records that prove to receiving mail servers that your emails are legitimate. Without them, your emails are far more likely to land in spam. Setting them up is one of the single highest-impact things you can do for deliverability.

SPF — Sender Policy Framework

SPF tells receiving mail servers which IP addresses are authorised to send email on behalf of your domain. It is a TXT record added to your domain's DNS.

v=spf1 include:_spf.google.com ~all

The example above authorises Google's servers to send for your domain. Replace the include value with the one provided by your email provider. Most providers publish their SPF include value in their help documentation.

DKIM — DomainKeys Identified Mail

DKIM adds a cryptographic signature to every outgoing email. Receiving servers verify the signature to confirm the email was not tampered with in transit. Your email provider generates the DKIM key and gives you a TXT record to add to your DNS.

In Gmail / Google Workspace: go to Admin Console → Apps → Google Workspace → Gmail → Authenticate email → Generate new record. Copy the TXT record and add it to your domain's DNS.

DMARC — Domain-based Message Authentication

DMARC ties SPF and DKIM together and tells receiving servers what to do if either check fails. It also enables reporting so you can see if anyone is spoofing your domain.

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Start with p=none (monitor mode) so you can see reports without affecting delivery. Once you are confident everything is set up correctly, move to p=quarantine or p=reject.

Where to add these records

All three records are TXT records added to your domain's DNS zone, usually through your domain registrar (GoDaddy, Namecheap, Cloudflare, etc.). Changes can take up to 24–48 hours to propagate globally.

Verifying your records

• MXToolbox (mxtoolbox.com) — free SPF, DKIM, and DMARC checker
• Google Admin Toolbox — check-mx.appspot.com
• Mail-tester.com — send a test email and get a full deliverability score

Note: Do not start a cold email campaign without at least SPF and DKIM in place. Without these records, a large percentage of your emails will be rejected or sent to spam regardless of your content.