Email Deliverability: SPF, DKIM and DMARC Explained
These three records tell the world your emails are really from you — and keep them out of the spam folder.
There are few things more frustrating than sending an important email and finding it buried in a customer's spam folder. Often the cause is not your message but your email authentication — the behind-the-scenes records that prove your mail is genuine.
SPF, DKIM, and DMARC are the three records that do this. They sound cryptic, but the concept is simple, and getting them right makes a real difference to whether your emails arrive.
Why emails end up in spam
Email was built in a more trusting age, and it is easy for scammers to forge the sender address. To fight this, mail providers now check whether incoming messages can be proven to come from where they claim. Messages that cannot be verified get treated with suspicion.
If your domain has no proper authentication, your legitimate emails can be lumped in with the fakes. Worse, scammers can impersonate your business to your own customers, which damages trust and can do real harm to your reputation.
What the three records do
SPF lists which servers are allowed to send email for your domain, so receivers can check whether a message came from an authorised source. DKIM adds a digital signature that proves the message was not tampered with in transit and genuinely came from you.
DMARC ties the two together. It tells receiving servers what to do with messages that fail the checks — ignore, quarantine, or reject them — and can report back on who is sending mail using your domain, including any impersonators.
Getting them set up
These records live in your domain's DNS as TXT entries. Setting them correctly takes a little care, because a mistake can stop your legitimate email being delivered as easily as it stops the fakes.
The usual approach is to set them up, start DMARC in a gentle reporting-only mode, watch what comes through, then tighten the rules once you are confident only your genuine mail is passing. Done properly, your deliverability improves and your domain becomes far harder to impersonate.
Common questions.
Do I need all three records?
Can setting these up break my email?
How do I know whether my emails are currently landing in spam?
Turn this into action.
The services behind this guide.
More on website care & tech.
Want a hand putting this into practice?
Book a free, no-obligation consultation with a Norwich-based specialist.
Let's put your business in a better light.
Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.