What order should I set up SPF, DKIM, and DMARC?

Publish SPF and DKIM first, verify they pass, then add a DMARC record at p=none or quarantine. After monitoring reports and fixing gaps, move to p=reject.

Why is my mail still going to spam?

Authentication is necessary but not sufficient. Check content/engagement, shared IP reputation, and that there aren’t multiple SPF records or a missing DKIM selector.

How strict should DMARC be?

Start with p=none or quarantine while you validate all senders. Move to p=reject once legitimate senders are aligned and you’re receiving clean reports.

Business Email Setup: SPF, DKIM, DMARC

Primary keyword: how to set up spf dkim dmarc small business | Secondary: business email on your domain, dns records explainedBranded email (you@yourbusiness.com) builds trust—and proper authentication keeps it out of spam. This plain‑English guide explains SPF, DKIM, and DMARC and gives you copy‑paste templates you can adapt today.

DNS Management
Submit Ticket

Why branded email matters

Trust & deliverability: a real domain looks professional and passes spam filters more easily.
Control: you own your DNS and can move providers without changing addresses.
Security: authentication makes spoofing/phishing harder and helps inboxes verify you.

SPF, DKIM & DMARC in plain English

Ethernet cables plugged into a network switch representing DNS and records

SPF says who can send mail for your domain (a list of allowed servers/providers).
DKIM adds a digital signature to each message so recipients can verify it wasn’t altered.
DMARC tells receivers what to do when SPF/DKIM fail (none, quarantine, reject) and where to send reports.

Copy‑paste DNS record templates

Start with these and replace yourdomain.com, selectors, and provider includes. A single SPF record only—merge providers by adding multiple include: terms.

SPF  (TXT at @)
v=spf1 a mx include:_spf.yourmailprovider.com ~all

DKIM (TXT at selector1._domainkey)
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A...

DMARC (TXT at _dmarc)
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com; pct=100; adkim=s; aspf=s

Download a plain‑text version you can paste into your DNS: record-templates.txt (included in the ZIP).

How to test your setup

Close-up of a mail application icon on a smartphone screen

Send a message to a Gmail address and open Show original to check SPF/DKIM/DMARC.
Use online testers for SPF syntax and DKIM verification; send DMARC aggregate reports to dmarc@yourdomain.com.
In DNS, verify there’s only one SPF record and that DKIM TXT exactly matches your provider’s key.

Troubleshooting bounces (quick fixes)

SPF: multiple records → merge into one; keep under 10 DNS lookups (include:, a, mx, ptr count).
DKIM: bad selector → confirm the selector name and that the TXT is published at selector._domainkey.yourdomain.com.
DMARC: policy too strict → start with p=none/quarantine while you validate reports, then move to reject.
Alignment fails → ensure the visible From: domain matches SPF/DKIM signing domain (use relaxed r or strict s alignment as needed).

Phishing protection beyond basics

Scrabble tiles spelling phishing to illustrate phishing protection and DMARC

DMARC at reject once you’ve audited all senders.
MFA on mail admin and DNS accounts; rotate API keys for mailing services.
Subdomain strategy (e.g., news.yourdomain.com for newsletters) to isolate risk.
Train staff to spot spoofing and invoice‑fraud attempts.

DNS Management (Services)
Need Help? Submit Ticket

Note: exact SPF/DKIM details differ by provider. If you’re unsure what to include, open a ticket and we’ll review your senders and publish the correct records.