Securing your email is crucial to protecting your business, customers, and reputation. SPF, DKIM, and DMARC are three powerful tools that help prevent attackers from sending fake emails using your domain—and they ensure your messages get delivered.
Why Email Security Matters
- Without proper setup, spammers and hackers can send fake emails from your domain.
- These fake emails damage your reputation and may trick your customers.
- Emails you send may also go to spam folders if your domain isn’t secured.
✅ SPF, DKIM, and DMARC help ensure your emails are trusted, delivered, and secure.
What Is SPF?
SPF (Sender Policy Framework) allows you to specify which mail servers are allowed to send emails from your domain.
✅ Blocks forged emails that appear to come from you
✅ Tells receiving servers who’s allowed to send on your behalf
✅ Increases your deliverability by proving trust
How to Set Up SPF
Step 1: Choose Your SPF Record
🟢 If using Google Workspace only:
v=spf1 include:_spf.google.com ~all
🟠 If using Google + other email services:
v=spf1 include:_spf.google.com include:mail.zendesk.com ~all
Step 2: Add SPF to Your Domain
- Log in to your domain provider (like GoDaddy, Namecheap, etc.)
- Find the DNS or TXT Records section.
- Add a new TXT record with your SPF settings.
- Save and apply changes.
📌 Only one SPF TXT record per domain is allowed. Combine services into one if needed.
What Is DKIM?
DKIM (DomainKeys Identified Mail) adds a unique digital signature to each email your domain sends.
✅ Proves the message was not changed after you sent it
✅ Shows the email really came from you
✅ Builds trust with mail providers like Gmail, Outlook, Yahoo
How to Set Up DKIM
- Go to your email provider’s admin console (e.g., Google Admin for Workspace).
- Find the DKIM settings section and generate a key.
- Add a TXT record in your DNS with the key provided.
- Enable DKIM signing in your email system.
📌 Each email will now be “signed” with your domain’s secure key.
What Is DMARC?
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is the final layer of protection that checks whether both SPF and DKIM pass, and tells receiving servers what to do if they fail.
✅ Prevents spammers from using your domain
✅ Tells email systems whether to allow, reject, or quarantine unverified messages
✅ Sends reports so you can track who is sending mail from your domain
How to Set Up DMARC
Step 1: Make Sure SPF and DKIM Are Working
✅ Both must be set up before DMARC will work.
Step 2: Add a DMARC Record to DNS
Start with a “monitor only” policy:
Host/Name: _dmarc
Type: TXT
Value: v=DMARC1; p=none; rua=mailto:[email protected]
You can later change p=none to:
- p=quarantine – Send suspicious emails to spam
- p=reject – Block unverified emails entirely
Step 3: Monitor and Adjust
✅ Review the DMARC reports sent to your email.
✅ As you get more confident, move from none ➡ quarantine ➡ reject.
Final Tips
✅ Set up SPF, DKIM, and DMARC in that order
✅ Always test your DNS records after making changes
✅ Monitor DMARC reports to catch unauthorized senders
✅ Update records if you change email services or platforms
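Added example (not part of the original guide): a small offline check for the two mistakes this guide warns about, publishing more than one SPF TXT record and leaving DMARC at p=none. The TXT values, the example.com report address and the function names are constructed for illustration; paste in your own record values to test them.

```python
# Added example: offline lint of SPF and DMARC TXT values.
# All sample records below are constructed for illustration.
ROOT_TXT = [
    "google-site-verification=CONSTRUCTED-VALUE",
    "v=spf1 include:_spf.google.com ~all",
    "v=spf1 include:mail.zendesk.com ~all",
]
DMARC_TXT = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"

def lint_spf(txt_records):
    """Return (merged_record, problems) for the TXT values at the domain root."""
    spf = [r.strip() for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return None, ["no SPF record published"]
    problems = []
    if len(spf) > 1:
        problems.append(f"{len(spf)} SPF records found; only one is allowed")
    mechanisms, final_all = [], None
    for record in spf:
        for term in record.split()[1:]:
            if term.lstrip("+-~?").lower() == "all":
                final_all = final_all or term      # keep the first 'all' seen
            elif term not in mechanisms:
                mechanisms.append(term)            # de-duplicate includes
    if final_all is None:
        problems.append("no 'all' mechanism at the end of the record")
    merged = " ".join(["v=spf1", *mechanisms] + ([final_all] if final_all else []))
    return merged, problems

def lint_dmarc(value):
    """Return (tags, problems) for the TXT value published at _dmarc."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = val.strip()
    problems = []
    if not value.strip().startswith("v=DMARC1"):
        problems.append("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    elif policy == "none":
        problems.append("p=none is monitor only; move to quarantine, then reject")
    if "rua" not in tags:
        problems.append("no rua= address, so no reports will arrive")
    return tags, problems

if __name__ == "__main__":
    print(lint_spf(ROOT_TXT))
    print(lint_dmarc(DMARC_TXT))
```

The merged value returned for the sample data is the single combined record to publish in place of the two separate ones.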
