Email Deliverability (SPF, DKIM, DMARC)
Email authentication records are DNS settings that prove you are authorized to send email from your domain. Setting up all three is critical for inbox placement.
SPF (Sender Policy Framework):
- Specifies which mail servers can send email on behalf of your domain
- DNS record type: TXT record on your root domain
- Example: v=spf1 include:_spf.google.com ~all
- Check with your email provider for the correct 'include' value
DKIM (DomainKeys Identified Mail):
- Adds a cryptographic signature to your emails to verify they haven't been tampered with
- DNS record type: TXT or CNAME record (provider-specific subdomain)
- Your email provider generates the DKIM key — check their documentation
- Google Workspace: Admin Console > Apps > Gmail > Authenticate Email
- Microsoft 365: Microsoft 365 Defender > Email & Collaboration > Policies
DMARC (Domain-based Message Authentication, Reporting & Conformance):
- Tells receiving servers what to do with emails that fail SPF or DKIM checks
- DNS record type: TXT record at _dmarc.yourdomain.com
- Start with: v=DMARC1; p=none; rua=mailto:[email protected]
- 'p=none' monitors only (recommended to start). Upgrade to 'p=quarantine' then 'p=reject' over time.
Verification:
- WarmySender's Analytics > Mailboxes tab shows SPF, DKIM, and DMARC check status per domain
- Green check = configured correctly, Red X = missing or misconfigured
Common DNS Providers:
- GoDaddy, Namecheap, Cloudflare, Google Domains, Route 53 (AWS)
- Each has a slightly different interface for adding TXT records
- Changes can take 24-48 hours to propagate
Impact: Domains with all three records properly configured see significantly higher inbox placement rates (80%+ vs. 40-60% without).