Blog › How to Set Up SPF, DKIM, and DMARC Records for Email Authentication

How to Set Up SPF, DKIM, and DMARC Records for Email Authentication

2026-03-16  ·  8 min read  ·  By INBXR Team

When it comes to email deliverability, one of the most crucial aspects is email authentication. Email authentication is the process of verifying the identity of the sender of an email, and it is essential for preventing spam and phishing attacks. To set up email authentication, you need to configure three types of records: SPF, DKIM, and DMARC. In this article, we will explore how to set up SPF DKIM DMARC records and why they are essential for email deliverability. We will also provide a step-by-step guide on how to set up SPF DKIM DMARC records, including examples and actionable steps. By the end of this article, you will have a comprehensive understanding of email authentication and how to set up SPF, DKIM, and DMARC records to improve your email deliverability.

Introduction to Email Authentication

Email authentication is a critical aspect of email deliverability, and it is essential for preventing spam and phishing attacks. Email authentication verifies the identity of the sender of an email, ensuring that the email is coming from a legitimate source. There are three types of email authentication records: SPF, DKIM, and DMARC. SPF (Sender Policy Framework) records verify the IP address of the sender, DKIM (DomainKeys Identified Mail) records verify the domain of the sender, and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records verify the domain and IP address of the sender.

Email authentication is essential for preventing spam and phishing attacks because it helps to prevent malicious emails from being delivered to the recipient's inbox. By verifying the identity of the sender, email authentication ensures that only legitimate emails are delivered to the recipient's inbox. This is especially important for businesses, as it helps to prevent their brand from being used for malicious purposes.

To set up email authentication, you need to configure SPF, DKIM, and DMARC records. This can be a complex process, but it is essential for improving email deliverability. In this article, we will provide a step-by-step guide on how to set up SPF DKIM DMARC records, including examples and actionable steps.

What are SPF, DKIM, and DMARC Records?

SPF, DKIM, and DMARC records are three types of email authentication records that are used to verify the identity of the sender of an email. SPF records verify the IP address of the sender, DKIM records verify the domain of the sender, and DMARC records verify the domain and IP address of the sender.

SPF records are used to specify which IP addresses are authorized to send emails on behalf of a domain. For example, if you have a domain called example.com, you can set up an SPF record that specifies which IP addresses are authorized to send emails from example.com. This helps to prevent spam and phishing attacks by ensuring that only authorized IP addresses can send emails from your domain.

DKIM records are used to verify the domain of the sender. DKIM uses a digital signature to verify the authenticity of an email. The digital signature is generated using a private key, and it is verified using a public key. This helps to ensure that the email has not been tampered with during transmission.

DMARC records are used to verify the domain and IP address of the sender. DMARC uses a combination of SPF and DKIM to verify the authenticity of an email. DMARC also provides reporting and conformance features, which help to identify and prevent spam and phishing attacks.

To set up SPF, DKIM, and DMARC records, you can use tools such as Sender Check. This tool helps to verify SPF, DKIM, and DMARC records, and it provides guidance on how to set up these records.

Benefits of Setting Up SPF, DKIM, and DMARC

Setting up SPF, DKIM, and DMARC records provides several benefits, including improved email deliverability, increased security, and enhanced reputation. By verifying the identity of the sender, SPF, DKIM, and DMARC records help to prevent spam and phishing attacks, which can damage your brand and reputation.

Improved email deliverability is one of the most significant benefits of setting up SPF, DKIM, and DMARC records. By verifying the identity of the sender, these records help to ensure that legitimate emails are delivered to the recipient's inbox, rather than being blocked or flagged as spam.

Increased security is another benefit of setting up SPF, DKIM, and DMARC records. By verifying the domain and IP address of the sender, these records help to prevent malicious emails from being delivered to the recipient's inbox. This helps to protect your brand and reputation, and it also helps to prevent financial losses due to phishing attacks.

Enhanced reputation is also a benefit of setting up SPF, DKIM, and DMARC records. By verifying the identity of the sender, these records help to demonstrate that your brand is committed to email authentication and security. This can help to improve your reputation and build trust with your customers.

To test the effectiveness of your SPF, DKIM, and DMARC records, you can use tools such as Inbox Placement. This tool helps to test whether your emails are landing in the inbox or spam folder, and it provides guidance on how to improve your email deliverability.

Step-by-Step Guide to Setting Up SPF

Setting up SPF records is a relatively simple process. Here are the steps to follow:

  • Identify the IP addresses that are authorized to send emails on behalf of your domain.
  • Create a TXT record in your DNS settings that specifies the authorized IP addresses.
  • Use a format such as "v=spf1 ip4: -all" to specify the authorized IP addresses.
  • Test your SPF record using a tool such as Sender Check.

For example, if you have a domain called example.com, and you want to authorize the IP address 192.0.2.1 to send emails on behalf of your domain, you can create a TXT record with the following format: "v=spf1 ip4:192.0.2.1 -all". This specifies that the IP address 192.0.2.1 is authorized to send emails on behalf of example.com.

It's also important to note that you should use a "-all" directive at the end of your SPF record to specify that all other IP addresses are not authorized to send emails on behalf of your domain. This helps to prevent spam and phishing attacks by ensuring that only authorized IP addresses can send emails from your domain.

Step-by-Step Guide to Setting Up DKIM

Setting up DKIM records is a more complex process than setting up SPF records. Here are the steps to follow:

  1. Generate a public and private key pair using a tool such as OpenSSL.
  2. Create a TXT record in your DNS settings that specifies the public key.
  3. Configure your email server to use the private key to generate a digital signature for each email.
  4. Test your DKIM record using a tool such as Sender Check.

For example, if you have a domain called example.com, and you want to set up DKIM, you can generate a public and private key pair using OpenSSL. You can then create a TXT record in your DNS settings that specifies the public key, using a format such as "v=DKIM1; k=rsa; p=".

It's also important to note that you should use a selector to specify the location of the public key. For example, you can use a selector such as "selector._domainkey.example.com" to specify the location of the public key.

To validate your BIMI record and VMC, you can use tools such as BIMI Checker. This tool helps to validate your BIMI record and VMC, and it provides guidance on how to set up these records.

Step-by-Step Guide to Setting Up DMARC

Setting up DMARC records is a relatively simple process. Here are the steps to follow:

  • Create a TXT record in your DNS settings that specifies the DMARC policy.
  • Use a format such as "v=DMARC1; p=none; pct=100; rua=mailto:" to specify the DMARC policy.
  • Test your DMARC record using a tool such as Sender Check.

For example, if you have a domain called example.com, and you want to set up DMARC, you can create a TXT record with the following format: "v=DMARC1; p=none; pct=100; rua=mailto:example@example.com". This specifies that the DMARC policy is set to "none", which means that emails that fail DMARC validation will not be blocked or flagged as spam.

It's also important to note that you should use a "pct" directive to specify the percentage of emails that should be subject to DMARC validation. For example, you can use "pct=100" to specify that all emails should be subject to DMARC validation.

To check if your domain is on any blocklists, you can use tools such as Blacklist Monitor. This tool helps to check if your domain is on any blocklists, and it provides guidance on how to remove your domain from these blocklists.

Conclusion

In conclusion, setting up SPF, DKIM, and DMARC records is an essential step in improving email deliverability and preventing spam and phishing attacks. By verifying the identity of the sender, these records help to ensure that legitimate emails are delivered to the recipient's inbox, rather than being blocked or flagged as spam.

By following the step-by-step guides outlined in this article, you can set up SPF, DKIM, and DMARC records and improve your email deliverability. Remember to test your records using tools such as Sender Check and Inbox Placement, and to monitor your email deliverability using tools such as Blacklist Monitor.

For more information on email deliverability and authentication, you can check out our other articles, such as Why Are My Emails Going to Spam? Fix Emails Going to Spam in 2026 and Breaking into Your Customer's Inbox: The Best Way to Ensure Email Deliverability. By following these tips and best practices, you can improve your email deliverability and ensure that your emails are delivered to the recipient's inbox.