All Collections
Email Deliverability
๐Ÿ’ปSet up your domain's SPF, DKIM, and DMARC records.
๐Ÿ’ปSet up your domain's SPF, DKIM, and DMARC records.

What, Why, and How to setup SPF, DKIM, and DMARC records for your domain to increase your chances of landing in the main inbox

Naitik Chavda avatar
Written by Naitik Chavda
Updated over a week ago

Hi there, Saleshandy users! ๐Ÿ‘‹

Want to know a secret to boosting your email deliverability and getting more replies? It's all about setting up DKIM, SPF, and DMARC records!

First, DKIM, SPF, and DMARC records are part of your domain's DNS settings. You can find them in your domain provider's dashboard using Google Domains, GoDaddy, Namecheap, or any other provider. These crucial configurations protect your reputation and increase the chances of your emails reaching the inbox. ๐Ÿ“ง

So, let's dive in and discover how these settings can get the best results for your campaigns! And please don't worry; we're here to help you through the process.

Let's get started! ๐Ÿš€

What do DKIM, SPF, and DMARC stand for in email security?

๐Ÿ”’ DKIM (DomainKeys Identified Mail)

DKIM is an email authentication method that adds a digital signature to outgoing emails. It enhances security by verifying the authenticity of the sender. It's unique to your domain and ensures the email hasn't been tampered with during transit and ensures that your emails are recognized as legitimate and secure.

By using DKIM, you build trust with email providers, which improves your email deliverability. It helps your messages land in the recipients' inboxes instead of being flagged as spam safeguarding your domain reputation. ๐Ÿ’‚

๐Ÿ›ก๏ธ SPF (Sender Policy Framework)

SPF is like a superhero cape for your email. ๐Ÿฆธโ€โ™‚๏ธ It's an email authentication protocol that lets domain owners say, "Hey, these are the trusted servers allowed to send emails on my behalf!" It's like a VIP list for email servers, ensuring that only the authorized ones get access to the email party. ๐Ÿ’Œ

When someone receives an email from your domain, their server does a quick SPF check. It looks up your SPF record, like a secret decoder ring for email authenticity. ๐Ÿ•ต๏ธโ€โ™‚๏ธ If the sending server's IP address matches one of the authorized servers in your SPF record, hooray! Your email gets a thumbs-up and is considered legit. But if an imposter tries to crash the party with an unauthorized server, SPF will block them at the door. ๐Ÿšซ

So, let SPF be your trusted ally in the fight against email fraud and impersonation! ๐Ÿ”’

๐Ÿš€ DMARC (Domain-based Message Authentication, Reporting, and Conformance)

Hey, ready for email security superpowers? ๐Ÿฆธโ€โ™€๏ธ That's where DMARC comes in!

DMARC is a robust email authentication protocol that takes email security to the next level. It allows domain owners to set policies for email receivers on how to handle emails that fail authentication checks. It's all in your hands whether you want them quarantined or rejected.

Protect your domain, boost your reputation, and keep those spammy imposters at bay. You're in charge of your email kingdom! ๐Ÿ‘‘

Why are DKIM, SPF, and DMARC necessary? Let's explore!

DMARC, DKIM, and SPF are essential email authentication methods that work together as a powerful trio to protect your email reputation and ensure better deliverability. ๐Ÿ“ง

DKIM ๐Ÿ—๏ธ and SPF ๐Ÿ”’ can be compared to a lock and key system for your email. DKIM is the key digitally signing your outgoing emails to ensure their authenticity and integrity. SPF acts as the lock, specifying which authorized servers can send emails on your domain's behalf. Together, they form a robust defense against unauthorized email activity. ๐Ÿ”

DMARC ๐Ÿšฆ serves as a traffic signal for mail servers. When DKIM or SPF checks fail, DMARC guides the servers' actions. Like a traffic signal controlling vehicles, DMARC tells servers whether to mark failing emails as spam, deliver them anyway, or drop them altogether. This ensures appropriate handling of emails based on their authentication status. ๐Ÿ›‘๐Ÿšš

Hackers constantly exploit phishing attacks and email spam vulnerabilities, which can have disastrous consequences like ransomware infections, data leaks, and unauthorized breaches.

It's why crucial for businesses to stay ahead of the game and keep their email environment secure! Implement DMARC, DKIM, and SPF to protect against email threats and ensure the integrity of your communications. ๐Ÿ”’๐Ÿ“ง

How to Set up DKIM, SPF, and DMARC: A Guide

โš ๏ธ Important: Setting these records (DKIM, SPF, DMARC) is not applicable if you use a free email account like,, or You can set it up only using a business email with your domain attached (i.e., [email protected]).

Before implementing any changes, verifying your service provider's specific instructions and guidelines is crucial. It is recommended to consult their FAQ or support documentation for accurate and up-to-date information. โš ๏ธ

If any records (DKIM, SPF, or DMARC) are missing, you must create a new TXT record. TXT records are a type of DNS record used to store text information for external sources unrelated to your domain.

Note: The examples below assume that Google is your domain and mail provider.

DKIM, How to set it up?

Please note that steps to set up the DKIM record vary for every email provider, and most email providers don't even allow users to set up the DKIM on their own as it needs to be done by contacting them (email provider customer support).

Necessary: If your domain provider is Google Domains, Google automatically creates a DKIM key and adds the key to your domainโ€™s DNS records when you set up Google Workspace. Go directly to Turn on DKIM in your Admin console.

If your domain provider is Google and you have not turned on DKIM in your Admin console. Checkout the video guide or follow the steps below:

๐Ÿ“บVideo Guide

๐ŸชœSteps to Follow

  1. Log in to Google Admin:

  2. In the Admin console, go to Menu > Apps > Google Workspace > Gmail > Authenticate email > Drop-Down(Select the Domain) > Generate New Record(Nothing has to be changed in Pop-up) > Generate a DKIM Key.

  3. Create a DNS TXT Record with the DKIM key generated in the previous step.

    If it's Google, go to DNS > Manage custom records > Create New Record > Paste TXT Record Name > Type: TXT (from drop-down) > Copy TXT Value > Paste TXT Value > Save.

    If it's not Google, you must go to your domain provider. e.g., GoDaddy, Squarespace, Namecheap, etc., for setting the records

  4. After creating the DNS TXT record in your domain with the DKIM Key, Navigate to Admin Console and click Start Authentication.

    Note: DNS changes may take up to 48 hours to fully propagate ( Usually, it will be propagated in a few minutes).

  5. You can verify your DKIM through the mail-tester website after some time.

How to check if an email account has DKIM set correctly?

Link: (Visit this link)

Steps: (Send an email to the mentioned email address > Check your score > Navigate to Authenticate part > If it says your DKIM signature is valid โœ…, you're good to go)

Mission accomplished; you've successfully added DKIM records. ๐Ÿ‘

SPF, How to set it up?

๐Ÿ“บVideo Guide

๐ŸชœSteps to Follow

If SPF records are missing, you must create a new TXT record. TXT records are a type of DNS record used to store text information for external sources unrelated to your domain. Hence, you will need access to your domain's DNS manager.

Note: The steps below assume that Google is your domain and mail provider.

  1. Sign in to your domain account (In our case, it's Google domains). In your case, this might be GoDaddy, Squarespace, Namecheap, etc.

  2. Go to the DNS page to update your domainโ€™s DNS records, DNS Management, Name Server Management, or Advanced Settings.

  3. Please check with your IT provider if your domain already has an SPF record. Find your TXT records and check if your domain has an existing SPF record. The SPF record starts with โ€œv=spf1โ€ฆโ€.

  4. Create a TXT record with these values:

    • Name/Host/Alias - Enter @ or leave blank

    • Time to Live (TTL) - Enter 3600 or leave the default.

    • Value/Answer/Destination - Enter v=spf1 ~all

  5. The DNS manager should have only one SPF record, even if the user uses multiple Email service providers. So deleting the one that is already there is not always the best choice since it might cause issues with other tools you're using. Instead, you want to include more providers in your existing SPF.

Example: Let's say you already have an SPF, including Google.

v=spf1 ~all

Again, be careful the example of value above will work only if Google is your email provider.

If your email provider is not Google, please double-check with your email provider what is the correct value to use; we cannot confirm on our end.

You'd like to include Zoho in this SPF since Zoho is your email provider. You want to modify the existing SPF, which now looks like this.

v=spf1 ~all

This can take up to 72 hours to take effect.

List of standard SPF values for some of the most common ESPs.


v=spf1 ~all


v=spf1 ~all

Zoho mail

v=spf1 ~all


v=spf1 ~all


v=spf1 ~all

Amazon SES

v=spf1 ~all

Yahoo mail

v=spf1 ~all

Yandex mail

v=spf1 ~all

How to create a TXT record in the common DNS providers.

  • Click here to check for Godaddy.

  • Click here to check for Namecheap.

  • Click here to check for Google Domains.

  • Click here to check for Cloudflare.

  • Click here to check for Hostinger.

  • Click here to check for Hostgator.

How to check if an email account has SPF set correctly?

Visit this website and enter the domain of the email address. If it shows a green checkmark next to SPF โœ…, it means an SPF record has been added to that domain, but it doesnโ€™t necessarily mean it is correct. You can click on SPF, and it will show the SPF value added in the DNS manager. You can review that value to check whether the SPF value is correct or not.

Mission accomplished; you've successfully added SPF records. ๐Ÿ‘

DMARC, how to set it up?

To create a DMARC record, you need to create a TXT-type record in the DNS manager of your domain; hence, you will need access to your domain's DNS manager.

๐Ÿ“บ Video Guide

๐ŸชœSteps to Follow

  1. To generate a DMARC record value for your domain, open this website & enter your domain & click Submit button.

  2. If your domain doesn't have a valid DMARC, it will display an X next to DMARC. In that case, you can click the NEXT button to generate a preferred DMARC record.

  3. In the end, you will see a text value generated. You can copy the value displayed.

  4. You can log in to your DNS provider and locate the area where you can manage your DNS records.

  5. Add a new TXT record to your DNS records. The name of the record should be "_dmarc" and the value should be the text file containing the DMARC record.

    Name: _dmarc

  6. Save the changes and wait for the DNS changes to propagate.

How to check if an email account has DMARC set correctly?

Verify your DMARC record is set up correctly by using DMARC record checker tools.

Link: (Visit this link)

Wishing you a delightful experience! โค๏ธ

Happy Selling. ๐Ÿค

Warmest regards,

Saleshandy Team

๐Ÿ‘‰ Next Steps

Check out the below articles If you want to know more about

๐Ÿ’ก Tip

Don't hesitate to reach out if you have any questions. We're available on chat and ready to provide you with prompt assistance. ๐Ÿค—

Did this answer your question?