Guide

Email Deliverability: SPF, DKIM and DMARC Explained

These three records tell the world your emails are really from you — and keep them out of the spam folder.

There are few things more frustrating than sending an important email and finding it buried in a customer's spam folder. Often the cause is not your message but your email authentication — the behind-the-scenes records that prove your mail is genuine.

SPF, DKIM, and DMARC are the three records that do this. They sound cryptic, but the concept is simple, and getting them right makes a real difference to whether your emails arrive.

Why emails end up in spam

Email was built in a more trusting age, and it is easy for scammers to forge the sender address. To fight this, mail providers now check whether incoming messages can be proven to come from where they claim. Messages that cannot be verified get treated with suspicion.

If your domain has no proper authentication, your legitimate emails can be lumped in with the fakes. Worse, scammers can impersonate your business to your own customers, which damages trust and can do real harm to your reputation.

What the three records do

SPF lists which servers are allowed to send email for your domain, so receivers can check whether a message came from an authorised source. DKIM adds a digital signature that proves the message was not tampered with in transit and genuinely came from you.

DMARC ties the two together. It tells receiving servers what to do with messages that fail the checks — ignore, quarantine, or reject them — and can report back on who is sending mail using your domain, including any impersonators.

Getting them set up

These records live in your domain's DNS as TXT entries. Setting them correctly takes a little care, because a mistake can stop your legitimate email being delivered as easily as it stops the fakes.

The usual approach is to set them up, start DMARC in a gentle reporting-only mode, watch what comes through, then tighten the rules once you are confident only your genuine mail is passing. Done properly, your deliverability improves and your domain becomes far harder to impersonate.

FAQs

Common questions.

Do I need all three records?
Ideally yes. SPF and DKIM do the verification, and DMARC tells receivers what to do and reports back. Together they give the strongest protection and best deliverability.
Can setting these up break my email?
A misconfiguration can block legitimate mail, which is why it is set up carefully and DMARC is eased in gradually rather than enforced from day one.
How do I know whether my emails are currently landing in spam?
Sending a test email to a free Gmail or Outlook account and checking whether it lands in the inbox or junk folder is the quickest first check. We also use dedicated tools that analyse your full email path and show exactly where deliverability is breaking down.
How we can help

Turn this into action.

The services behind this guide.

Related guides

More on website care & tech.

Want a hand putting this into practice?

Book a free, no-obligation consultation with a Norwich-based specialist.

Book a free consultation
Get started

Let's put your business in a better light.

Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.

  1. 01
    Tell us a bitFill in the form — two minutes, tops.
  2. 02
    We'll call you backWithin one working day, no pressure.
  3. 03
    Get a clear planHonest advice and a fixed quote.

Free · No obligation · We reply within one working day

Book a free consultation