If you want to land cold emails in the inbox, you need to prove you're legit. That starts with SPF, DKIM, and DMARC.
This guide breaks down what they are, how they work, and how to set them up with clear examples.
Why Email Authentication Matters
These protocols let email providers verify your identity. Without them, your emails are at risk of:
- Being flagged as spoofing/phishing
- Going straight to spam
- Getting blocked entirely
What is SPF?
Sender Policy Framework (SPF) is a DNS record that tells email servers which IPs are allowed to send on your domain's behalf.
Example SPF Record (TXT)
v=spf1 include:mailgun.org ~all
Where to set it:
- Your domain registrar's DNS settings (e.g., GoDaddy, Namecheap)
What is DKIM?
DomainKeys Identified Mail (DKIM) digitally signs your emails. It verifies the message wasn't tampered with in transit.
Example DKIM YAML Snippet
selector1._domainkey.yourdomain.com:
v: DKIM1
k: rsa
p: YOUR_PUBLIC_KEY
Check your email platform for the exact keys.
What is DMARC?
Domain-based Message Authentication, Reporting & Conformance (DMARC) tells receivers what to do if SPF or DKIM fails.
Example DMARC Record (TXT)
v=DMARC1; p=quarantine; rua=mailto:postmaster@yourdomain.com
- p=none (just monitor)
- p=quarantine (send to spam)
- p=reject (block email)
Setup Checklist
- ✅ Add SPF to your DNS
- ✅ Add DKIM to your DNS
- ✅ Add DMARC to monitor/report (start with p=none)
- ✅ Monitor results with tools like DMARCian or Postmark
Using an email validator like Magnetic Proxy's API ensures you’re sending only to real, safe contacts.