DMARC, SPF, DKIM - Email Sending Requirements

DMARC, DKIM, and SPF are three email authentication methods. Together, they help prevent spammers, phishers, and other unauthorized parties from sending emails on behalf of a domain they do not own. DMARC tells mail servers what to do when DKIM or SPF fail, whether that is marking the failing emails as "spam," delivering the emails anyway, or dropping the emails altogether.

Back in October 2023, Google and Yahoo jointly announced new email sender requirements for inbound mail to their domains that they would be putting in place early February 2024. If you do not have a DMARC record, the one we are suggesting below (ex. v=DMARC1; p=none;) is the minimal valid record. It is safe to add without having any adverse impacts on any of your organizations mail, and will be useful for establishing the legitimacy of the email you’re sending.


What is DMARC? Domain-based Message Authentication Reporting and Conformance (DMARC) is a method of authenticating email messages. A DMARC policy tells a receiving email server what to do after checking a domain's Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records, which are additional email authentication methods.

Host Name:  _dmarc
Record Type:  TXT
Address:  v=DMARC1; p=none;

Example Record:

Check Your DMARC Record:

Add your DMARC record:
Read more on DMARC:

2. SPF

What is SPF? A sender policy framework (SPF) record is a type of DNS TXT record that lists all the servers authorized to send emails from a particular domain. A DNS TXT (“text”) record lets a domain administrator enter arbitrary text into the Domain Name System (DNS). TXT records were initially created for the purpose of including important notices regarding the domain, but have since evolved to serve other purposes.

SPF DNS Setup:
Host Name:  @
Record Type:  TXT
Address Example (Google Workspace):  v=spf1 ~all
Address Example (Microsoft 365): v=spf1 ~all
Address Example (Two Combined): v=spf1 ~all

Example Record:

Check Your SPF Record:

Adding SPF at your domain provider:
Read more on SPF:
Read more on multiple SPF Records:


What is DKIM? DomainKeys Identified Mail (DKIM) is a method of email authentication that helps prevent spammers and other malicious parties from impersonating a legitimate domain.

Generate New Record:
DKIM Key Bit 2048 or 1024 (Enom Example)
Host Name:  *** generated at your email host ***
Record Type:  TXT OR CNAME depending
Address: Note: This is generated at your email host. View the example in the photo, this is a example in Google Workspace.

Example Record:

MS 365 Example -
CNAME Host Name : selector1._domainkey
Points to address or value:
CNAME Host Name : selector1._domainkey
Points to address or value:

Check Your DKIM Record:

Some Registrars such as ENOM only support 1024 bit DKIM keys.
Turn on DKIM for your domain at Google Workspace:
Read more on DKIM:

Additional reading: - MX Record, SPF, DKIM & DMARC Lookup tool

Still need help or don't want to DIY?

We have maintenance service and website update packages available. Please fill out a ticket and a 3plains representative will reach out to you with details on pricing and packages.

Last Updated: 2024-07-02

Back to Email

© 2024 3plains. Powered by 3plains CMS

Back To Top