Hackers have adopted sophisticated ways to spoof emails and attempt cybercrime using your companies’ names. SPF DKIM DMARC helps avert their efforts from succeeding by evaluating the authenticity of email senders. Financial, SaaS, and e-commerce are among the top 3 industries targeted by phishers with compromised percentages of 23.6%, 20.5%, and 14.6% respectively.

Here, we are focusing on explaining SPF DKIM DMARC- the foundational elements of email authentication

What are SPF, DKIM, and DMARC?

Together SPF DMARC DKIM prevents unauthorized entities from using your domain to send fraudulent emails to your prospects, clients, employees, third-party vendors, stakeholders, etc. SPF and DKIM help demonstrate the legitimacy while DMARC instructs the receiver’s email server on what to do with emails failing authenticity checks. Let’s discuss what is SPF DKIM and DMARC in detail.


Sender Policy Framework or SPF is a way where domain owners enlist all the servers allowed to send emails using their domain. This is done by creating a TXT SPF record that is published to DNS. If a sending IP is not on the list, authentication fails, and the email is either completely rejected by the recipient’s mailbox or marked as spam. If you already have an SPF record, use our SPF record checker to ensure it’s error-free. 

However, SPF has a few limitations; it breaks when a message is forwarded which means threat actors can spoof the display name or the From address. 


DomainKeys Identified Mail or DKIM lets domain owners automatically sign emails sent from their domain. This works like how you sign bank checks to validate their authenticity. DKIM signature is a digital signature working on the cryptography model. 

It proceeds by storing a public key in a DKIM record. The receiving mail server can access this record to get the public key. On the other hand, there’s a private key secretly stored by the sender who signs the email header with it. Receiving mail servers verify the sender’s private key by comparing it with the easily accessible public key.


Domain Message Authentication Reporting and Conformance instruct the receiver’s server that what to do with emails failing SPF, DKIM, or both. This is done by selecting one of the policies- none, quarantine, and reject. As per the ‘none’ policy, no action is taken against messages failing validation checks. ‘Quarantine’ means unauthentic emails will land in the spam folder and the ‘reject’ policy completely bars the entry of such emails from the receiver’s mailbox. 

DMARC policies are set in a DMARC record which also stores instructions to send reports to domain administrators about all the emails passing or failing validation checks. If you have already implemented a DMARC policy, use our free DMARC record lookup tool to fish for possible errors.

Where are SPF, DKIM, and DMARC Records Stored?

SPF DKIM DMARC records are stored in a publicly available and accessible Domain Name System or DNS. It is like a phonebook enlisting IP addresses and their corresponding domain names. So, whenever you enter a domain name in your browser’s search box, DNS takes you to the corresponding IP address. It’s not practically possible for humans to memorize alphanumerical IP addresses of all the websites, and that’s where DNS comes in handy.

SPF DKIM DMARC checks are dependent on this concept as their records are stored as DNS TXT records. This record is accessed for various reasons as it can contain any arbitrary text.

The Importance of SPF, DKIM, and DMARC

Email authentication is important for protecting your brand against cyberattacks attempted using phishing and impersonation techniques. Email authentication relies on SPF DKIM DMARC standards. Here’s why you need to implement them:

  • They ensure your domain name can’t be forged and misused.
  • They help you prevent phishing, spamming, ransomware attacks, etc. planned and attempted in your business’s name.
  • They improve your domain’s email deliverability rate. A poor email deliverability rate impacts internal communication, marketing and PR campaigns, customer retention rate, etc.

How to Set Up SPF, DKIM and DMARC?

Follow these instructions to set up SPF DKIM DMARC to protect your domain and email conversations.

  1. Set up SPF for your domain.
  2. Set up DKIM for your domain.
  3. Set up a mailbox to receive reports for monitoring and evaluation.
  4. Use the main hosting sign-in details and check if there’s an existing DMARC record.
  5. Reset DMARC policy.

General SPF Set Up

  1. Login to the Sender Console.
  2. Select Settings.
  3. Select Domains.
  4. The following screen will appear.
    General SPF Set Up
  5. Click on Check SPF/DKIM records.

Wait for 72 hours, the settings changed would be implemented. Once done, you can use our SPF record lookup tool to ensure an error-free record.

General DKIM Set Up

You can easily set up DKIM by generating a DKIM record using PowerDMARC’s free DKIM record generator. You just have to enter your domain name in the box and click on the Generate DKIM record button. You will get a pair of private and public DKIM keys. Publish the public key on your domain’s DNS and you are done.

General DMARC Set Up

Use our free DMARC generator and create a new DMARC record.

  1. Choose your DMARC policy.
  2. Click on Generate
  3. Copy the TXT record to the clipboard and paste it on your DNS to activate the protocol

DMARC record generator

Wrapping Up

Once you have set up DKIM SPF DMARC, start monitoring the reports to notice suspicious activities. Remember, together these authentication protocols reduce the risk of spamming and phishing, but they don’t shield against all email-based cybercrimes. Thus, it’s important to invest in employee education and awareness as well.