Home Blog Email Infrastructure
Email Infrastructure

Complete Guide to SPF, DKIM, and DMARC Setup

Lex Mar 09, 2026 2 min read 0 views
Complete Guide to SPF, DKIM, and DMARC Setup

Email authentication is the foundation of good deliverability. Without proper SPF, DKIM, and DMARC records, your emails are far more likely to land in spam or be rejected entirely.

What Are SPF, DKIM, and DMARC?

SPF (Sender Policy Framework) tells receiving mail servers which IP addresses are authorized to send email on behalf of your domain. It's a DNS TXT record that lists your approved sending sources.

DKIM (DomainKeys Identified Mail) adds a digital signature to your emails. The receiving server verifies this signature against a public key in your DNS, proving the email hasn't been tampered with.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together. It tells receiving servers what to do when authentication fails and where to send reports.

Setting Up Your SPF Record

An SPF record is a TXT record added to your domain's DNS:

v=spf1 ip4:YOUR_SERVER_IP include:_spf.google.com ~all
  • v=spf1 identifies this as an SPF record
  • ip4:YOUR_SERVER_IP authorizes your server's IP
  • include: authorizes third-party senders
  • ~all soft fails unauthorized sources

Important: You can only have ONE SPF record per domain. Combine multiple senders into one record.

Setting Up DKIM

DKIM requires a public/private key pair. Your SMTP server signs outgoing emails with the private key, and you publish the public key as a DNS TXT record:

Host: default._domainkey.yourdomain.comchr(10)Type: TXTchr(10)Value: v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY

Use a 2048-bit key — 1024-bit is outdated. The selector (e.g., default) must match your SMTP server configuration.

Setting Up DMARC

Add this TXT record to start monitoring:

Host: _dmarc.yourdomain.comchr(10)Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; pct=100

Start with p=none (monitor only), then move to p=quarantine, and finally p=reject once you're confident everything passes.

Verifying Your Setup

After adding all records:

  • Use our free DNS/SMTP Health Checker at smtpcheck.lexlabtools.com
  • Send a test email to mail-tester.com
  • Check email headers for SPF/DKIM/DMARC pass results

Common Mistakes

  • Multiple SPF records — combine into one TXT record
  • Wrong DKIM selector — must match your SMTP config
  • Starting DMARC at p=reject — always start with p=none
  • Missing PTR records — your sending IP needs a PTR pointing to your domain
  • Forgetting an include — every service that sends on your behalf needs to be in SPF

Need help with DNS setup?

Our DNS & Email Authentication Setup service handles everything for you — SPF, DKIM, DMARC, MX records, and verification.

Get Setup from $49
#DKIM #DMARC #DNS #SPF #deliverability #email
Share:
L

Lex

Technical writer at LexLab Tools, covering email infrastructure, web development, and digital business solutions.

About LexLab →

Related Articles

Why SMTP IP Rotation Matters for High-Volume Sending
Email Infrastructure

Why SMTP IP Rotation Matters for High-Volume Sending

Mar 20 3 min
Why Your Emails Land in Spam (And How to Fix It)
Email Infrastructure

Why Your Emails Land in Spam (And How to Fix It)

Mar 17 2 min
How to Check if Your IP or Domain is Blacklisted (And What to Do About It)
Email Infrastructure

How to Check if Your IP or Domain is Blacklisted (And What to Do About It)

Mar 13 3 min
PowerMTA vs Postal: Which SMTP Server Should You Choose?
Email Infrastructure

PowerMTA vs Postal: Which SMTP Server Should You Choose?

Mar 12 3 min