All Collections
Best Practices
How to set up your DKIM, SPF and DMARC?
How to set up your DKIM, SPF and DMARC?

What to do when setting up DKIM, SPF, and DMARC for your email.

Farzad Rashidi avatar
Written by Farzad Rashidi
Updated over a week ago

To put it simply. SPF, DKIM, and DMARC are a set of methods to authenticate emails. These methods prove to ISPs and mail services that the sender is actually authorized to send emails from a specific domain.

Additionally, they are a way to verify the server that is sending your emails is actually sending through your domain.

Below are the ways to set up SPF, DKIM, and DMARC:

SPF - Sender Policy Framework

  1. Start by signing into the domain account on your domain host's site (not your Google Admin Console).

    This can be GoDaddy, Squarespace, Namecheap, etc.

  2. Go to the page/tab that is used to update your domain’s DNS records.

    Some places to look include: DNS Management, Name Server Management, or Advanced Settings

  3. Find your TXT records and check if your domain has an existing SPF record.

    Note: The SPF record starts with “v=spf1…”.

  4. If your domain already has an SPF record, remove it.

  5. Create a TXT record with these values:

    1. Name/Host/Alias - Enter @ or leave blank

    2. Other DNS records for your domain might indicate the correct entry.

    3. Time to Live (TTL) - Enter 3600 or leave the default.

    4. Value/Answer/Destination - Enter v=spf1 ~all.

  6. This can take up to 48 hours to take effect.

DKIM - Domain Key Identified Mail

  1. Log into Google Admin:

    In the navigation menu on the left hand side: Menu > Apps > GSuite > Gmail

  2. Generate a DKIM Key

  3. Create a DNS TXT Record with the DKIM Key generated in the previous step.

    For this you will need to go to your domain provider (GoDaddy, Squarespace, Namecheap, etc.)

  4. After creating the DNS TXT Record in your domain with the DKIM Key, you can Start Authenticating.

DMARC - Domain-based Message Authentication, Reporting, and Conformance

  1. Go to your domain administrator’s site. Find DNS Management or Settings.

  2. Add this TXT Record to your DNS:

    1. Host Name: _dmarc

    2. VALUE (with email): v=DMARC1; p=quarantine; rua=mailto:{email}; pct=90; sp=none

    Note: The email version will send reports to whatever email you put in there. This is totally optional. Here is the value without the email:

    VALUE (no email): v=DMARC1; p=quarantine; pct=90; sp=none

  3. Verify that all DNS settings were set up correctly here.

Did this answer your question?