What are SPF, DKIM and DMARC records required for sending emails properly

If you want your emails sent to reach user inbox instead of spam. You have to follow these best practices to set SPF, DKIM, DMARC dns records which allows email providers like gmail to verify if the email actually came from your domain and reject emails sent by spammers who might try to misuse your domain.

If you don’t set DNS records properly your email recipients will see a warning like this.

What are SPF records?

SPF record is a TXT type DNS record which contains information about emails service providers domains and server ip which are authorized to send emails using your domain.

In above image you can see I have authorized zoho.eu, spf.google.com and zeptomail.net to send emails using my domain.

What is DKIM record?

DKIM record is a TXT type DNS records which contains information about public key and the method used for signing your outgoing emails. This allows emails providers like gmail, yahoo to verify email is genuine or not.

What is a DMARC record?

DMARC records contains instructions telling email servers what to do if an email do not pass SPF and DKIM records. You can either select to do nothing using ‘none’ or quarantine such emails (send to spam) or completely reject emails that are not properly authenticated with necessary DNS records.

You can also set a email where reports of such rejected or quarantine emails will be sent.

Please test that your emails are working properly before enabling reject or quarantine option in DMARC record.

Type	Host	Value
TXT	domainkey.example.com	v=DMARC1; p=none; rua=mailto:[email protected]

How to Verify your DNS records

You can use this website https://Lookmydns.com to verify your dns records using multiple global DNS resolvers.

To verify SPF records you will need to enter your domain name and select TXT record type.

To verify DKIM records you will need to enter your dkim domain key and domain name.

DKIM example – domainkey123.yourdomain.com – TXT – FIND