Set Up SPF, DKIM & DMARC – Configure Email DNS Correctly
Quick answer: SPF, DKIM and DMARC are DNS TXT records that prove your emails are legitimate. Without them emails land in spam or get rejected – with correct configuration you improve deliverability and protect your domain from spoofing.
Why SPF, DKIM & DMARC?
- SPF: Tells receiving servers which IPs may send email for your domain
- DKIM: Digital signature – proves email wasn't tampered with
- DMARC: Policy for failed SPF/DKIM + reporting
Step 1: Set MX record
Type: MX
Name: @
Value: mail.yourdomain.com
Priority: 10Step 2: Set up SPF
Type: TXT
Name: @
Value: "v=spf1 mx a ip4:93.184.216.34 -all"| Scenario | SPF record |
|---|---|
| Own mail server only | v=spf1 mx -all |
| With Google Workspace | v=spf1 include:_spf.google.com -all |
| With Microsoft 365 | v=spf1 include:spf.protection.outlook.com -all |
Step 3: Set up DKIM
Type: TXT
Name: default._domainkey
Value: "v=DKIM1; k=rsa; p=MIIB..."Step 4: Set up DMARC
Type: TXT
Name: _dmarc
Value: "v=DMARC1; p=quarantine; rua=mailto:[email protected]"Test setup
- mail-tester.com (target: 9/10 or 10/10)
- mxtoolbox.com for SPF, DKIM, DMARC