How to set up your DKIM, SPF, and DMARC?

Learn how to protect your domain reputation by setting up your DKIM, SPF, and DMARC records.

Hey there! 👋

Setting up DKIM, SPF, and DMARC records is essential for improving your email deliverability, protecting your reputation, and ensuring your emails reach the inbox—where they belong.

These protocols help safeguard your email infrastructure against phishing, email spoofing, and other malicious activities that can harm your brand and reduce your chances of getting replies. So, let’s get you set up with these powerful tools!

👉What Are DKIM, SPF, and DMARC?

Before diving into how to set them up, let’s take a quick look at what each protocol does and why they’re important.

1. DKIM (DomainKeys Identified Mail)

DKIM adds a layer of security by digitally signing your emails with a unique cryptographic key, ensuring that your email hasn’t been altered during transit. It helps verify that the email sent from your domain is indeed from you and hasn’t been tampered with.

  • Why You Need It: DKIM protects your domain from being used for malicious purposes, such as sending spam or phishing emails.
  • How It Helps: It assures recipients that your emails are legitimate, improving your email deliverability and reputation.

2. SPF (Sender Policy Framework)

SPF helps verify that the IP address sending the email is authorized to send emails on behalf of your domain. This helps prevent email spoofing, where malicious senders impersonate your domain to send spam or phishing emails.

  • Why You Need It: SPF prevents unauthorized senders from using your domain name, protecting against phishing and spam attacks.
  • How It Helps: It ensures that only authorized servers can send emails from your domain, improving trust with email providers and boosting your inbox placement.

3. DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC is an email authentication protocol that works with both DKIM and SPF. It gives you control over how email providers handle messages that fail authentication, and helps protect your domain from being used for phishing and other email-based attacks.

  • Why You Need It: DMARC lets you define policies to protect your domain from email spoofing and phishing. It provides reporting to help you track malicious activity.
  • How It Helps: By implementing DMARC, you can ensure that emails sent from your domain are authentic, which increases your credibility and reduces the likelihood of your emails being flagged as spam.

👉Why Do You Need All Three (DKIM, SPF, and DMARC)?

While each of these protocols is powerful on its own, they work best together. Here’s why:

  • DKIM verifies the integrity of your emails and proves they haven’t been altered during transmission.
  • SPF ensures that only authorized IP addresses can send emails from your domain.
  • DMARC combines both DKIM and SPF to define how email providers should handle suspicious emails and provides reports to monitor email activity.

Together, these protocols give you a strong defense against email-based threats like phishing and spoofing, helping you maintain a strong domain reputation and improving your chances of reaching the inbox.

How to Set Up DKIM, SPF, and DMARC

The steps below are written for Google domains, but the general process will be similar if you’re using a different domain provider like GoDaddy, Namecheap, Cloudflare, or Squarespace. Make sure to double-check with your domain provider for the specific instructions.

1. Setting Up DKIM

To set up DKIM for your domain:

  1. Log in to Google Admin (or your domain host’s admin dashboard).
  2. Navigate to Apps > GSuite > Gmail.
  3. Generate a DKIM Key from the Google Admin Console.
  4. Go to your domain provider’s DNS settings and create a new TXT Record with the DKIM key generated by Google.
  5. After adding the DKIM TXT record, you can authenticate the setup in Google Admin.

2. Setting Up SPF

To set up SPF for your domain:

  1. Log in to your domain provider’s DNS management interface (GoDaddy, Namecheap, etc.).
  2. Find the TXT records section in your DNS settings.
  3. Check if an SPF record already exists. If it does, remove it.
  4. Add a new TXT Record with the following value (for Google users):

    v=spf1 include:_spf.google.com ~all
  5. If you're not using Google, replace the value with the SPF record provided by your email service provider.
  6. Set TTL (Time to Live) to 3600 or leave the default value.
  7. Save and wait up to 72 hours for the changes to propagate.

3. Setting Up DMARC

To set up DMARC for your domain:

  1. Go to your domain provider’s DNS management section.
  2. Create a new TXT record with the following values:
    • Host Name: _dmarc
    • Value:
      v=DMARC1; p=quarantine; rua=mailto:your-email@example.com; pct=90; sp=none
    • Replace your-email@example.com with your actual email to receive DMARC reports.
    • For a more lenient policy, use p=none (this will only monitor and report, but not take action on failures).
  3. Save the record and wait for it to propagate across DNS.

Conclusion 

Setting up DKIM, SPF, and DMARC might seem like a technical task, but it’s a crucial step in protecting your email reputation, preventing spoofing, and improving your email deliverability.

By implementing these email authentication protocols, you'll not only protect your domain from malicious activities but also increase the chances of your emails landing in the inbox, boosting your chances of replies.

If you’re not familiar with the technicalities, don’t hesitate to reach out to your hosting provider or a developer for assistance. Once set up, these records will ensure your emails are trustworthy and that your reputation stays intact.

If you need further help, feel free to reach out to us! We’re here to support you in boosting your email deliverability. 🚀

Happy emailing! ✨