Share this lesson

Set up your DKIM, SPF and DMARC

Setting up SPF, DKIM, and DMARC ensures your emails are authenticated. This helps prevent phishing, email spoofing, and improves deliverability. Without these, your emails could end up in spam or get rejected by email servers.

How to set up SPF?

SPF (Sender Policy Framework) verifies that an email sender is authorized to send messages from your domain. This is managed by your domain provider.

1
Go to your DNS provider’s dashboard.
2
Find the option to manage DNS records.
3
Add or update a TXT record like this:
  • v=spf1 include:<your_email_service_provider> -all
4
Save the record and wait for it to update (this can take up to 72 hours).

Common Errors:

  • Multiple SPF records: You should only have one SPF record.
    • Fix: Merge multiple SPF records into one by adding several “include:” clauses. If you’re unsure, ask your domain provider for the correct SPF value.
  • SPF Fail: This happens when unauthorized servers try to send emails from your domain.
    • Fix: Make sure all email services you use are added to the SPF record.

How to set up DKIM?

DKIM (DomainKeys Identified Mail) adds a digital signature to your emails to ensure they haven’t been changed during transmission. Your email provider manages this.

1
In your email provider’s dashboard, generate DKIM keys.
2
Go to your DNS provider’s dashboard.
3
Add a TXT record with the public key your email provider gave you:
  • v=DKIM1; k=rsa; p=<public_key>
4
Save the record and wait for it to update.
5
Enable DKIM in your email provider’s settings (sometimes this is automatic).

Common Errors:

  • Key too small: Some DNS providers limit key sizes, which can cause problems.
    • Fix: Use a provider that supports larger records or shorten the key. If needed, contact your email provider for the correct DKIM value.
  • DKIM mismatch: The DKIM signature doesn’t match the public key.
    • Fix: Double-check the key in DNS and your email provider settings.

How to set up DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) ties together SPF and DKIM. It helps email servers decide what to do with emails that fail SPF or DKIM checks.

1
Go to your DNS provider’s dashboard.
2
Add a new TXT record like this:
  • v=DMARC1; p=none; rua=mailto:<your_email_for_reports>;
3
Choose your policy:
  • none: No action is taken. Use this for monitoring to see how many emails fail authentication.
  • quarantine: Emails that fail go to the spam folder.
  • reject: Emails that fail are blocked completely. Only use this when you’re confident your authentication works perfectly.
4
Save the record and wait for it to update (up to 72 hours).

Common Errors:

  • Too strict policies (reject/quarantine): Applying strict policies too soon can block legitimate emails.
    • Fix: Start with “none,” then move to “quarantine” or “reject” once you’re confident.

Not using lemlist yet?

Copied