{"id":22394,"date":"2025-06-19T05:25:29","date_gmt":"2025-06-19T05:25:29","guid":{"rendered":"https:\/\/smartreach.io\/blog\/?p=22394"},"modified":"2025-11-26T07:13:55","modified_gmt":"2025-11-26T07:13:55","slug":"how-to-set-up-spf-dkim-dmarc-guide","status":"publish","type":"post","link":"https:\/\/smartreach.io\/blog\/how-to-set-up-spf-dkim-dmarc-guide\/","title":{"rendered":"How to set up SPF, DKIM &amp; DMARC to keep emails out of spam"},"content":{"rendered":"\n<p>If you&#8217;re doing cold email outreach, newsletters, or product updates, poor email deliverability means lost leads and missed revenue.<\/p>\n\n\n\n<p>And the technical issues relating to SPF, DKIM, and DMARC set-up is one of the culprits behind it.<\/p>\n\n\n\n<p>SPF, DKIM &amp; DMARc are email authentication protocols (read \u201ctools\u201d)&nbsp; that tell inbox providers like Gmail and Outlook that you are a trusted sender.<\/p>\n\n\n\n<p>Without proper setup, even professional emails get marked as spam.<\/p>\n\n\n\n<p>This guide shows you exactly how to set up SPF, DKIM &amp; DMARC, step-by-step.<\/p>\n\n\n\n<p>First thing first.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>SPF vs DKIM vs DMARC: Email authentication protocols explained<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list has-palette-color-6-background-color has-background\">\n<li><strong>SPF (Sender Policy Framework)<\/strong><\/li>\n<\/ul>\n\n\n\n<p>It is like a guest list. It tells receiving mail servers which email servers are allowed to send mail for your domain.&nbsp;<\/p>\n\n\n\n<p>For example, if you send newsletters via Mailchimp and sales emails via Gmail, SPF tells inboxes both are legit sources.&nbsp;<\/p>\n\n\n\n<p>Without it, anyone can pretend to send from your domain.<\/p>\n\n\n\n<ul class=\"wp-block-list has-palette-color-6-background-color has-background\">\n<li><strong>DKIM (DomainKeys Identified Mail)<\/strong><\/li>\n<\/ul>\n\n\n\n<p>It is like sealing a letter with a signature.&nbsp;<\/p>\n\n\n\n<p>DKIM adds an encrypted signature to each email.&nbsp;<\/p>\n\n\n\n<p>If someone tampers with the content in transit, the signature breaks and the email fails authentication.<\/p>\n\n\n\n<ul class=\"wp-block-list has-palette-color-6-background-color has-background\">\n<li><strong>DMARC (Domain-based Message Authentication, Reporting &amp; Conformance)<\/strong><\/li>\n<\/ul>\n\n\n\n<p>This is your bouncer.&nbsp;<\/p>\n\n\n\n<p>DMARC checks whether SPF or DKIM passed and then decides what to do\u2014deliver, quarantine, or reject.&nbsp;<\/p>\n\n\n\n<p>It also sends you reports so you can spot issues or abuse attempts.<\/p>\n\n\n\n<p>Together, they form your email&#8217;s authentication system.&nbsp;<\/p>\n\n\n\n<p>For more details on the email authentication protocols, check out &#8211;<\/p>\n\n\n\n<p class=\"has-palette-color-5-background-color has-background has-medium-font-size\"><a href=\"https:\/\/smartreach.io\/blog\/email-authentication-deliverability-guide\/\"><strong>What is email authentication, and why does it matter for my email deliverability?<\/strong><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How to set up email authentication: SPF, DKIM, DMARC tutorial<\/strong><\/h2>\n\n\n\n<p>Now let\u2019s set-up these records one by one. Follow these steps carefully &#8211;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>A) Setting up SPF: Authorize your sending servers<\/strong><\/h3>\n\n\n\n<p>SPF setup means creating a DNS record that lists your authorized mail servers.&nbsp;<\/p>\n\n\n\n<p>Here&#8217;s exactly how to do it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 1\u2192 Find your current SPF record<\/strong><\/h4>\n\n\n\n<p>First, check if you already have an SPF record.&nbsp;<\/p>\n\n\n\n<p>You can only have one per domain.<\/p>\n\n\n\n<p>Go to <a href=\"http:\/\/mxtoolbox.com\/spf.aspx\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\"><strong>mxtoolbox.com\/spf.aspx<\/strong><\/a><strong>.<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"233\" src=\"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXehzRGk3RDjJcBlWmQe_bN43iguKSzu_1bVTnDffWsqyean6N8J2fcsVPwmxp1H2uLhjkTLyVpr1ei90s9TwgJl4e_o4aF63_IjmgLqtS4wBLuBTrXfoazNnqaSjmJ5Zkjk-7V4.png\" alt=\"\" class=\"wp-image-22402\" style=\"width:597px;height:auto\" srcset=\"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXehzRGk3RDjJcBlWmQe_bN43iguKSzu_1bVTnDffWsqyean6N8J2fcsVPwmxp1H2uLhjkTLyVpr1ei90s9TwgJl4e_o4aF63_IjmgLqtS4wBLuBTrXfoazNnqaSjmJ5Zkjk-7V4.png 1600w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXehzRGk3RDjJcBlWmQe_bN43iguKSzu_1bVTnDffWsqyean6N8J2fcsVPwmxp1H2uLhjkTLyVpr1ei90s9TwgJl4e_o4aF63_IjmgLqtS4wBLuBTrXfoazNnqaSjmJ5Zkjk-7V4-300x44.png 300w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXehzRGk3RDjJcBlWmQe_bN43iguKSzu_1bVTnDffWsqyean6N8J2fcsVPwmxp1H2uLhjkTLyVpr1ei90s9TwgJl4e_o4aF63_IjmgLqtS4wBLuBTrXfoazNnqaSjmJ5Zkjk-7V4-1024x149.png 1024w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXehzRGk3RDjJcBlWmQe_bN43iguKSzu_1bVTnDffWsqyean6N8J2fcsVPwmxp1H2uLhjkTLyVpr1ei90s9TwgJl4e_o4aF63_IjmgLqtS4wBLuBTrXfoazNnqaSjmJ5Zkjk-7V4-768x112.png 768w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXehzRGk3RDjJcBlWmQe_bN43iguKSzu_1bVTnDffWsqyean6N8J2fcsVPwmxp1H2uLhjkTLyVpr1ei90s9TwgJl4e_o4aF63_IjmgLqtS4wBLuBTrXfoazNnqaSjmJ5Zkjk-7V4-1536x224.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\" \/><\/figure>\n\n\n\n<p>Enter your domain and see if you already have an SPF record.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"384\" src=\"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXc5IkRz_9ulv-wASaBz8FDUOZ-mBR2v6vsfYRBa2y6lFX7wMKtr0VuL6t39OTo4iqm2aj86lu40oTM7j8Q-uwWv5hDg0KPw8IZV9Fab7pPg8FRJyPG9VQBfTVnK1oYSGj900jdZoA.png\" alt=\"\" class=\"wp-image-22403\" style=\"width:596px;height:auto\" srcset=\"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXc5IkRz_9ulv-wASaBz8FDUOZ-mBR2v6vsfYRBa2y6lFX7wMKtr0VuL6t39OTo4iqm2aj86lu40oTM7j8Q-uwWv5hDg0KPw8IZV9Fab7pPg8FRJyPG9VQBfTVnK1oYSGj900jdZoA.png 1600w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXc5IkRz_9ulv-wASaBz8FDUOZ-mBR2v6vsfYRBa2y6lFX7wMKtr0VuL6t39OTo4iqm2aj86lu40oTM7j8Q-uwWv5hDg0KPw8IZV9Fab7pPg8FRJyPG9VQBfTVnK1oYSGj900jdZoA-300x72.png 300w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXc5IkRz_9ulv-wASaBz8FDUOZ-mBR2v6vsfYRBa2y6lFX7wMKtr0VuL6t39OTo4iqm2aj86lu40oTM7j8Q-uwWv5hDg0KPw8IZV9Fab7pPg8FRJyPG9VQBfTVnK1oYSGj900jdZoA-1024x246.png 1024w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXc5IkRz_9ulv-wASaBz8FDUOZ-mBR2v6vsfYRBa2y6lFX7wMKtr0VuL6t39OTo4iqm2aj86lu40oTM7j8Q-uwWv5hDg0KPw8IZV9Fab7pPg8FRJyPG9VQBfTVnK1oYSGj900jdZoA-768x184.png 768w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXc5IkRz_9ulv-wASaBz8FDUOZ-mBR2v6vsfYRBa2y6lFX7wMKtr0VuL6t39OTo4iqm2aj86lu40oTM7j8Q-uwWv5hDg0KPw8IZV9Fab7pPg8FRJyPG9VQBfTVnK1oYSGj900jdZoA-1536x369.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\" \/><\/figure>\n\n\n\n<p>If you find one, you&#8217;ll modify it. If not, you&#8217;ll create a new one.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 2 \u2192&nbsp; Identify your email services<\/strong><\/h4>\n\n\n\n<p>List every email service that sends emails from your domain.&nbsp;<\/p>\n\n\n\n<p>This includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/smartreach.io\/blog\/free-email-service-providers\/\">Your email provider<\/a>s (Gmail, Outlook, Zoho etc.)<\/li>\n\n\n\n<li>Marketing tools (Mailchimp, Constant Contact)<\/li>\n\n\n\n<li>CRM systems (Salesforce, HubSpot)<\/li>\n\n\n\n<li>Transactional email services (SendGrid, <a href=\"https:\/\/mailtrap.io\/\" target=\"_blank\" rel=\"noopener\" title=\"Mailgun\">Mailgun<\/a>)<\/li>\n\n\n\n<li>Any other tools that send emails<\/li>\n<\/ul>\n\n\n\n<p>Write them all down.&nbsp;<\/p>\n\n\n\n<p>Missing even one service will cause authentication failures.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 3 \u2192 Create or update your SPF record<\/strong><\/h4>\n\n\n\n<p>Your SPF record includes all these services. Here&#8217;s the commone format:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-palette-color-5-background-color has-background has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">v=spf1 [your services] ~all<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Common service includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Google Workspace: include:_spf.google.com<\/li>\n\n\n\n<li>Microsoft 365: include:spf.protection.outlook.com<\/li>\n\n\n\n<li>Mailchimp: include:servers.mcsv.net<\/li>\n\n\n\n<li>SendGrid: include:sendgrid.net<\/li>\n\n\n\n<li>Constant Contact: include:spf.constantcontact.com<\/li>\n<\/ul>\n\n\n\n<p>Real example for a company using Google and Mailchimp:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-palette-color-5-background-color has-background has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">v=spf1 include:_spf.google.com include:servers.mcsv.net ~all<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Example for just Google workspace accounts:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-palette-color-5-background-color has-background has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">v=spf1 include:_spf.google.com ~all<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The ~all at the end is important.&nbsp;<\/p>\n\n\n\n<p>It tells email servers to flag suspicious emails but not reject them completely. Before moving on, you can use an <a href=\"https:\/\/powerdmarc.com\/spf-record-lookup\/\" target=\"_blank\" rel=\"noopener\" title=\"\">SPF record checker<\/a> to preview how your record will be interpreted by mail servers.<\/p>\n\n\n\n<p><strong>Note:<\/strong> Avoid +all \u2014 it allows anyone to send on your behalf.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 4 \u2192 Add the SPF record to DNS<\/strong><\/h4>\n\n\n\n<p>Now add this record to your domain&#8217;s DNS settings.&nbsp;<\/p>\n\n\n\n<p>Log in to your domain registrar (GoDaddy, Namecheap, Cloudflare, etc).<\/p>\n\n\n\n<p>The process varies by provider, but here&#8217;s the general approach:<\/p>\n\n\n\n<p><strong>A) For GoDaddy users:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log into your GoDaddy account<\/li>\n\n\n\n<li>Go to &#8220;My Products&#8221; then &#8220;DNS&#8221;<\/li>\n\n\n\n<li>Click &#8220;Add&#8221; under DNS Records<\/li>\n\n\n\n<li>Set Type to &#8220;TXT&#8221;<\/li>\n\n\n\n<li>Set Name to &#8220;@&#8221;<\/li>\n\n\n\n<li>Paste your SPF record in the Value field<\/li>\n\n\n\n<li>Click &#8220;Save&#8221;<\/li>\n<\/ol>\n\n\n\n<p><strong>B) For Cloudflare users:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log into Cloudflare<\/li>\n\n\n\n<li>Select your domain<\/li>\n\n\n\n<li>Go to the DNS tab<\/li>\n\n\n\n<li>Click &#8220;Add record&#8221;<\/li>\n\n\n\n<li>Set Type to &#8220;TXT&#8221;<\/li>\n\n\n\n<li>Set Name to &#8220;@&#8221;<\/li>\n\n\n\n<li>Paste your SPF record in Content<\/li>\n\n\n\n<li>Click &#8220;Save&#8221;<\/li>\n<\/ol>\n\n\n\n<p><strong>C) For other domain providers:<\/strong>&nbsp;<\/p>\n\n\n\n<p>The steps are similar.&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to DNS settings<\/li>\n\n\n\n<li>Add a <strong>TXT<\/strong> record<\/li>\n\n\n\n<li>Name: @ or your root domain<\/li>\n\n\n\n<li>Value: Your SPF string<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 5 \u2192&nbsp; Test &amp; verify the SPF record<\/strong><\/h4>\n\n\n\n<p>Wait 2-4 hours for DNS changes to take effect.&nbsp;<\/p>\n\n\n\n<p>Then test your record:<\/p>\n\n\n\n<p>Go to MXToolbox.com.&nbsp;<\/p>\n\n\n\n<p>Enter your domain. Click &#8220;SPF Record Lookup.&#8221;&nbsp;<\/p>\n\n\n\n<p>You should see your new record listed.<\/p>\n\n\n\n<p>Send a test email to yourself.&nbsp;<\/p>\n\n\n\n<p>Check the email headers.&nbsp;<\/p>\n\n\n\n<p>You should see &#8220;SPF: PASS&#8221; in the authentication results.<\/p>\n\n\n\n<p>__________<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>B) Setting up DKIM: Add digital signatures to the emails<\/strong><\/h3>\n\n\n\n<p>DKIM requires generating encryption keys and adding them to your DNS.&nbsp;<\/p>\n\n\n\n<p>Your email service providers (Gmail, Outlook etc.) usually handles the technical parts.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 1 \u2192 Generate DKIM keys in your email provider<\/strong><\/h4>\n\n\n\n<p><strong>A) For Google Workspace:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to admin.google.com<\/li>\n\n\n\n<li>Click &#8220;Apps&#8221; then &#8220;Google Workspace&#8221; then &#8220;Gmail&#8221;<\/li>\n\n\n\n<li>Click &#8220;Authenticate email&#8221;<\/li>\n\n\n\n<li>Click &#8220;Generate new record&#8221;<\/li>\n\n\n\n<li>Enter a selector name (like &#8220;google&#8221; or &#8220;selector1&#8221;)<\/li>\n\n\n\n<li>Choose 2048-bit key<\/li>\n\n\n\n<li>Click &#8220;Generate&#8221;<\/li>\n<\/ol>\n\n\n\n<p>Google will show you a DNS record to add.&nbsp;<\/p>\n\n\n\n<p>Copy this entire record.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Generate a DKIM key for your domain\" width=\"1242\" height=\"699\" src=\"https:\/\/www.youtube.com\/embed\/Toz75gMmwTg?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><strong>B) For Microsoft 365:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to security.microsoft.com<\/li>\n\n\n\n<li>Navigate to &#8220;Email &amp; Collaboration&#8221; then &#8220;Policies &amp; Rules&#8221;<\/li>\n\n\n\n<li>Click &#8220;Threat policies&#8221; then &#8220;DKIM&#8221;<\/li>\n\n\n\n<li>Select your domain<\/li>\n\n\n\n<li>Click &#8220;Create DKIM keys&#8221;<\/li>\n\n\n\n<li>Copy the provided DNS records<\/li>\n<\/ol>\n\n\n\n<p><strong>C) For other email providers:<\/strong><\/p>\n\n\n\n<p>Check your provider&#8217;s help documentation. Search for &#8220;DKIM setup&#8221; or &#8220;email authentication.&#8221;<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 2 \u2192 Add DKIM records to DNS<\/strong><\/h4>\n\n\n\n<p>You&#8217;ll add the records your email provider gave you.&nbsp;<\/p>\n\n\n\n<p>They look complex, but you just copy and paste them.<\/p>\n\n\n\n<p>The record name usually looks like:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-palette-color-5-background-color has-background has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">selector1._domainkey&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>The record value starts with: v=DKIM1; k=rsa; p=<\/p>\n\n\n\n<p><strong>A) Add DKIM record in GoDaddy:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to DNS management<\/li>\n\n\n\n<li>Click &#8220;Add&#8221; under DNS Records<\/li>\n\n\n\n<li>Set Type to &#8220;TXT&#8221;<\/li>\n\n\n\n<li>Set Name to the exact name provided (like &#8220;selector1._domainkey&#8221;)<\/li>\n\n\n\n<li>Paste the entire value in the Value field<\/li>\n\n\n\n<li>Click &#8220;Save&#8221;<\/li>\n<\/ol>\n\n\n\n<p><strong>B) Add DKIM records in Cloudflare:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go to DNS tab<\/li>\n\n\n\n<li>Click &#8220;Add record&#8221;<\/li>\n\n\n\n<li>Set Type to &#8220;TXT&#8221;<\/li>\n\n\n\n<li>Set Name to the provided name<\/li>\n\n\n\n<li>Paste the value in Content<\/li>\n\n\n\n<li>Click &#8220;Save&#8221;<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 3 \u2192 Enable DKIM signing<\/strong><\/h4>\n\n\n\n<p>After adding the DNS records, enable DKIM in your email provider:<\/p>\n\n\n\n<p><strong>Google Workspace:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Go back to the &#8220;Authenticate email&#8221; section<\/li>\n\n\n\n<li>Click &#8220;Start authentication&#8221; next to your domain<\/li>\n\n\n\n<li>Wait for verification (can take up to 48 hours)<\/li>\n<\/ol>\n\n\n\n<p><strong>Microsoft 365:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Return to the DKIM section<\/li>\n\n\n\n<li>Toggle the switch to &#8220;Enabled&#8221; for your domain<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 4 \u2192 Verify DKIM is working<\/strong><\/h4>\n\n\n\n<p>Test your DKIM setup:<\/p>\n\n\n\n<p>Use MXToolbox&#8217;s <a href=\"https:\/\/mxtoolbox.com\/dkim.aspx\">DKIM lookup too<\/a>l.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"280\" src=\"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXe07yCGMkQ4ulKCnW0O7RvGTzrDoIKViGgkD7Zk3zDsNuFUt31K3o7XXzlxPxFuH5UDqT4u_R3LloRjK_aI677lUpqBSkM8rdA7XB3IlSkXP_6ne5JGoUu2lhn8vt8ah_GJSTAWzA.png\" alt=\"\" class=\"wp-image-22401\" srcset=\"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXe07yCGMkQ4ulKCnW0O7RvGTzrDoIKViGgkD7Zk3zDsNuFUt31K3o7XXzlxPxFuH5UDqT4u_R3LloRjK_aI677lUpqBSkM8rdA7XB3IlSkXP_6ne5JGoUu2lhn8vt8ah_GJSTAWzA.png 1600w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXe07yCGMkQ4ulKCnW0O7RvGTzrDoIKViGgkD7Zk3zDsNuFUt31K3o7XXzlxPxFuH5UDqT4u_R3LloRjK_aI677lUpqBSkM8rdA7XB3IlSkXP_6ne5JGoUu2lhn8vt8ah_GJSTAWzA-300x53.png 300w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXe07yCGMkQ4ulKCnW0O7RvGTzrDoIKViGgkD7Zk3zDsNuFUt31K3o7XXzlxPxFuH5UDqT4u_R3LloRjK_aI677lUpqBSkM8rdA7XB3IlSkXP_6ne5JGoUu2lhn8vt8ah_GJSTAWzA-1024x179.png 1024w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXe07yCGMkQ4ulKCnW0O7RvGTzrDoIKViGgkD7Zk3zDsNuFUt31K3o7XXzlxPxFuH5UDqT4u_R3LloRjK_aI677lUpqBSkM8rdA7XB3IlSkXP_6ne5JGoUu2lhn8vt8ah_GJSTAWzA-768x134.png 768w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXe07yCGMkQ4ulKCnW0O7RvGTzrDoIKViGgkD7Zk3zDsNuFUt31K3o7XXzlxPxFuH5UDqT4u_R3LloRjK_aI677lUpqBSkM8rdA7XB3IlSkXP_6ne5JGoUu2lhn8vt8ah_GJSTAWzA-1536x269.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\" \/><\/figure>\n\n\n\n<p>Enter your domain and selector.&nbsp;<\/p>\n\n\n\n<p>You should see your public key.<\/p>\n\n\n\n<p>Send a test email. Check the headers for &#8220;DKIM: PASS&#8221; in the authentication results.<\/p>\n\n\n\n<p>__________<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>C) Setting up DMARC: control and monitor email Use<\/strong><\/h3>\n\n\n\n<p>DMARC brings SPF and DKIM together.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 1 \u2192 Start with a monitoring policy<\/strong><\/h4>\n\n\n\n<p>Create a basic DMARC record for monitoring first, something like:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-palette-color-5-background-color has-background has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\">v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>p=none: Monitor only, take no action yet<\/li>\n\n\n\n<li>rua: Where DMARC reports will be sent<\/li>\n\n\n\n<li>Replace &#8220;<strong>yourdomain.com<\/strong>&#8221; with your actual domain.<\/li>\n<\/ul>\n\n\n\n<p>This record:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sets policy to &#8220;none&#8221; (monitoring only)<\/li>\n\n\n\n<li>Sends reports to your email address<\/li>\n\n\n\n<li>Doesn&#8217;t block any emails yet<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 2 \u2192 Set up email for reports<\/strong><\/h4>\n\n\n\n<p>Create an email address to receive DMARC reports. You can use:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>dmarc@yourdomain.com<\/li>\n\n\n\n<li>reports@yourdomain.com<\/li>\n\n\n\n<li>Any existing email address<\/li>\n<\/ul>\n\n\n\n<p>These reports show you authentication results for all emails from your domain.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 3 \u2192 Add DMARC record to DNS<\/strong><\/h4>\n\n\n\n<p>Add the DMARC record to your DNS:<\/p>\n\n\n\n<p><strong>The record name must be:<\/strong> _dmarc<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>For GoDaddy users:<\/strong><\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list has-palette-color-5-background-color has-background\">\n<li>Go to DNS management<\/li>\n\n\n\n<li>Click &#8220;Add&#8221;<\/li>\n\n\n\n<li>Set Type to &#8220;TXT&#8221;<\/li>\n\n\n\n<li>Set Name to &#8220;_dmarc&#8221;<\/li>\n\n\n\n<li>Paste your DMARC record in Value<\/li>\n\n\n\n<li>Click &#8220;Save&#8221;<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>For Cloudflare users:<\/strong><\/li>\n<\/ul>\n\n\n\n<ol class=\"wp-block-list has-palette-color-5-background-color has-background\">\n<li>Go to DNS tab<\/li>\n\n\n\n<li>Click &#8220;Add record&#8221;<\/li>\n\n\n\n<li>Set Type to &#8220;TXT&#8221;<\/li>\n\n\n\n<li>Set Name to &#8220;_dmarc&#8221;<\/li>\n\n\n\n<li>Paste your record in Content<\/li>\n\n\n\n<li>Click &#8220;Save&#8221;<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 4 \u2192 Monitor your reports<\/strong><\/h4>\n\n\n\n<p>DMARC reports arrive daily or weekly. They show &#8211;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How many emails passed or failed authentication<\/li>\n\n\n\n<li>Which IP addresses sent emails from your domain<\/li>\n\n\n\n<li>Potential security threats<\/li>\n<\/ul>\n\n\n\n<p>Use tools like <a href=\"https:\/\/dmarcian.com\/domain-checker\/\">DMARCIAN<\/a> to make these reports easier to read.<\/p>\n\n\n\n<h4 class=\"wp-block-heading has-palette-color-6-background-color has-background\"><strong>Step 5 \u2192 Strengthen your policy gradually<\/strong><\/h4>\n\n\n\n<p>After monitoring for 2-4 weeks, you can strengthen your policy:<\/p>\n\n\n\n<ul class=\"wp-block-list has-palette-color-5-background-color has-background\">\n<li><strong>Quarantine policy:<\/strong> v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com<\/li>\n<\/ul>\n\n\n\n<p>This sends suspicious emails to spam folders.<\/p>\n\n\n\n<ul class=\"wp-block-list has-palette-color-5-background-color has-background\">\n<li><strong>Reject policy:<\/strong> v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com<\/li>\n<\/ul>\n\n\n\n<p>This blocks suspicious emails completely.<\/p>\n\n\n\n<p>Only move to stricter policies after confirming your legitimate emails pass authentication.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Test your complete email authentication setup<\/strong><\/h2>\n\n\n\n<p>After setting up all three protocols:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Use MXToolbox to check each record individually<\/li>\n\n\n\n<li>Send test emails to different providers (Gmail, Outlook, Yahoo)<\/li>\n\n\n\n<li>Check email headers for authentication passes<\/li>\n\n\n\n<li>Monitor your DMARC reports for any failures<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>6 Helpful resources for testing the authentication records<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list has-palette-color-5-background-color has-background\">\n<li><a href=\"http:\/\/mxtoolbox.com\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">MXToolbox.com<\/a> \u2192 Free DNS and email testing<\/li>\n\n\n\n<li><a href=\"http:\/\/mail-tester.com\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">Mail-tester.com<\/a> \u2192 Complete email deliverability analysis<\/li>\n\n\n\n<li><a href=\"https:\/\/gmail.com\/postmaster\/\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">Google Postmaster Tools<\/a> \u2192 Monitor your reputation with Gmail<\/li>\n\n\n\n<li><a href=\"https:\/\/dmarcian.com\/\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">DMARCIAN<\/a> \u2192 Analyze DMARC reports&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/support.google.com\/a\/answer\/174124?hl=en\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">Google DKIM Set-up Guide<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/learn.microsoft.com\/en-us\/defender-office-365\/email-authentication-dkim-configure\" target=\"_blank\" rel=\"noopener nofollow\" title=\"\">Micorsoft 365 DKIM set-up Guide<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Avoid these common email authentication mistakes<\/strong><\/h2>\n\n\n\n<p>Here are some of the most common mistakes people make when setting up SPF, DKIM and DMARC records for email authentication.<\/p>\n\n\n\n<p class=\"has-palette-color-6-background-color has-background\"><strong>#1 Common SPF mistakes:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Including too many services (SPF has a 10 DNS lookup limit)<\/li>\n\n\n\n<li>Forgetting to include all email services<\/li>\n\n\n\n<li>Using the wrong syntax<\/li>\n<\/ul>\n\n\n\n<p class=\"has-palette-color-6-background-color has-background\"><strong>#2 Common DKIM mistakes:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Not enabling DKIM signing after adding DNS records<\/li>\n\n\n\n<li>Using weak 1024-bit keys instead of 2048-bit<\/li>\n\n\n\n<li>Adding records with incorrect names<\/li>\n<\/ul>\n\n\n\n<p class=\"has-palette-color-6-background-color has-background\"><strong>#3 Common DMARC mistakes:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Starting with strict policies instead of monitoring<\/li>\n\n\n\n<li>Not setting up email to receive reports<\/li>\n\n\n\n<li>Ignoring the reports once they start arriving<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Get pre-configured Gmail &amp; Microsoft 365 inboxes with SmartReach.io<\/strong><\/h2>\n\n\n\n<p>Now you can avoid the hassle of these technical set-ups by buying <a href=\"https:\/\/smartreach.io\/secondary-domains-and-email-accounts\/\">custom secondary domains and mailboxes<\/a> from SmartReach.io directly.<\/p>\n\n\n\n<p>It\u2019s always safer and more effective to send cold emails from custom domains and inboxes built for outreach.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"1080\" src=\"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXcyoWFqjH1eoANDaOqjv_RBy0_96919kHrLsF1TidX0YxtwG3vV0QH9K4dywQutIxSonxySky67d06ofafolU_cJ_-jGOWIFRtCFNX-uJ8Mg4tNJ4KyWzRhwM4z04630fl9gxiRpw.png\" alt=\"SmartReach.io provides delivery optimized email inboxes and secondary domains\" class=\"wp-image-22404\" style=\"width:569px;height:auto\" srcset=\"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXcyoWFqjH1eoANDaOqjv_RBy0_96919kHrLsF1TidX0YxtwG3vV0QH9K4dywQutIxSonxySky67d06ofafolU_cJ_-jGOWIFRtCFNX-uJ8Mg4tNJ4KyWzRhwM4z04630fl9gxiRpw.png 1080w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXcyoWFqjH1eoANDaOqjv_RBy0_96919kHrLsF1TidX0YxtwG3vV0QH9K4dywQutIxSonxySky67d06ofafolU_cJ_-jGOWIFRtCFNX-uJ8Mg4tNJ4KyWzRhwM4z04630fl9gxiRpw-300x300.png 300w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXcyoWFqjH1eoANDaOqjv_RBy0_96919kHrLsF1TidX0YxtwG3vV0QH9K4dywQutIxSonxySky67d06ofafolU_cJ_-jGOWIFRtCFNX-uJ8Mg4tNJ4KyWzRhwM4z04630fl9gxiRpw-1024x1024.png 1024w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXcyoWFqjH1eoANDaOqjv_RBy0_96919kHrLsF1TidX0YxtwG3vV0QH9K4dywQutIxSonxySky67d06ofafolU_cJ_-jGOWIFRtCFNX-uJ8Mg4tNJ4KyWzRhwM4z04630fl9gxiRpw-150x150.png 150w, https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/AD_4nXcyoWFqjH1eoANDaOqjv_RBy0_96919kHrLsF1TidX0YxtwG3vV0QH9K4dywQutIxSonxySky67d06ofafolU_cJ_-jGOWIFRtCFNX-uJ8Mg4tNJ4KyWzRhwM4z04630fl9gxiRpw-768x768.png 768w\" sizes=\"auto, (max-width: 1080px) 100vw, 1080px\" \/><\/figure>\n\n\n\n<p><strong>SmartReach.io offers a done-for-you cold email infrastructure<\/strong> \u2014 complete with verified domains and inboxes, already configured with SPF, DKIM, and DMARC.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Get Professional emails now on SmartReach with Zapmail!\" width=\"1242\" height=\"699\" src=\"https:\/\/www.youtube.com\/embed\/GAY2dwdIBWo?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>Here\u2019s what you get:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pre-warmed Microsoft &amp; Gmail inboxes with high sender reputation<\/li>\n\n\n\n<li>Secondary domains attached ready for cold email use<\/li>\n\n\n\n<li>Pre-configured DNS rcords for ready-to-use<\/li>\n\n\n\n<li>SmartReach <a href=\"https:\/\/smartreach.io\/cold-email-software\/\">cold email platform<\/a> integration<\/li>\n\n\n\n<li>Built-in email deliverability protection<\/li>\n\n\n\n<li>Monthly plans \u2014 no yearly commitments on domains and mailboxes<\/li>\n<\/ul>\n\n\n\n<p><strong><br> \ud83d\udc49 <a href=\"https:\/\/app.smartreach.io\/register\/?utm_source=smartreach_blog&amp;utm_medium=try_for_free_banner&amp;utm_campaign=\">Try SmartReach.io for FREE<\/a> \u2014 no credit card required.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Final thoughts<\/strong><\/h2>\n\n\n\n<p>Start with SPF since it&#8217;s the easiest to set up. Then add DKIM. Finally, implement DMARC monitoring.<\/p>\n\n\n\n<p>Don&#8217;t rush the process.&nbsp;<\/p>\n\n\n\n<p>Take time to test each step.&nbsp;<\/p>\n\n\n\n<p>Monitor your email delivery rates as you make changes.<\/p>\n\n\n\n<p>Within a few weeks, you&#8217;ll see better inbox placement.&nbsp;<\/p>\n\n\n\n<p>Your emails will reach more people &amp; campaigns will perform better.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>FAQs: SPF, DKIM, and DMARC<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Q. What is SPF in email and why is it important?<\/strong><\/h3>\n\n\n\n<p>SPF tells inboxes which servers are allowed to send mail for your domain. It helps stop spammers from impersonating you and boosts your deliverability.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Q. How do I check if my SPF, DKIM, and DMARC are working?<\/strong><\/h3>\n\n\n\n<p>Use tools like MXToolbox or send a test email to Gmail. Check the message headers\u2014if you see &#8220;pass&#8221; next to SPF, DKIM, and DMARC, you&#8217;re set.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Q. Can I use more than one email service with SPF?<\/strong><\/h3>\n\n\n\n<p>Yes. Just include each sender\u2019s domain in one SPF record. For example: v=spf1 include:_spf.google.com include:sendgrid.net ~all<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Q. What happens if I don\u2019t set up DKIM?<\/strong><\/h3>\n\n\n\n<p>Your emails may not be trusted by inbox providers. Without DKIM, emails could be altered or rejected by spam filters.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Q. What does DMARC do exactly?<\/strong><\/h3>\n\n\n\n<p>DMARC uses SPF and DKIM results to decide what to do with unauthenticated emails. It can also send you reports to catch suspicious activity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Q. Should I use &#8216;quarantine&#8217; or &#8216;reject&#8217; in my DMARC policy?<\/strong><\/h3>\n\n\n\n<p>Start with p=none to monitor. Once things look clean, move to quarantine. If everything passes regularly, use reject to block bad mail.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Q. Do I need technical help to set up SPF, DKIM, and DMARC?<\/strong><\/h3>\n\n\n\n<p>You can do it yourself with your domain registrar and email provider\u2019s guides. But if you&#8217;re unsure, a tech person or support team can help.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Q. How long does it take for SPF, DKIM, and DMARC changes to work?<\/strong><\/h3>\n\n\n\n<p>Most DNS updates take a few minutes to a few hours to propagate. Check back after 24 hours to confirm the setup is active.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn how to configure SPF, DKIM, and DMARC email authentication to improve deliverability and prevent your emails from landing in spam folders. Step-by-step guide included<\/p>\n","protected":false},"author":24,"featured_media":22400,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[125,1],"tags":[],"class_list":["post-22394","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-account_executive","category-miscellaneous"],"blocksy_meta":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/smartreach.io\/blog\/wp-content\/uploads\/2025\/06\/DMARC-DKIM-SPF-setup-guide-1.webp","_links":{"self":[{"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/posts\/22394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/comments?post=22394"}],"version-history":[{"count":3,"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/posts\/22394\/revisions"}],"predecessor-version":[{"id":25466,"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/posts\/22394\/revisions\/25466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/media\/22400"}],"wp:attachment":[{"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/media?parent=22394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/categories?post=22394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/smartreach.io\/blog\/wp-json\/wp\/v2\/tags?post=22394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}