Set up SPF, DKIM and DMARC to stop emails landing in spam
Email authentication explained in plain English, with copy-paste DNS records.
9 min read advancedUpdated Apr 8, 2025
BI
Reviewed by the editorial team · Apr 8, 2025
Step by step
- 01
SPF: list authorized senders
TXT @ → 'v=spf1 include:_spf.google.com include:mailgun.org ~all'
- 02
DKIM: cryptographic signature
Your sending service (Workspace, SendGrid) generates the key — add the TXT record.
- 03
DMARC: policy + reporting
TXT _dmarc → 'v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com' (start with p=none).
- 04
Monitor reports for 2 weeks
Use Postmark's free DMARC monitoring.
- 05
Upgrade policy to p=quarantine, then p=reject
Only after reports show no legitimate sender is failing.
IT & Technical · Done-for-you
Want the boring tech handled?
We set up domains, email, SSL, security and integrations so nothing breaks.
Book a tech call