SPF, DKIM, DMARC
📖 3 min readUpdated 2026-04-19
Authentication records tell receiving servers your email is actually from you. Required for deliverability in 2026.
SPF
Lists authorized IPs that can send from your domain. TXT record.
DKIM
Cryptographic signature on every email. Proves the message wasn't modified.
DMARC
Policy telling receivers what to do with unauthenticated mail. Also provides reporting.
All three
Gmail and Yahoo require all three for senders of 5000+ emails/day as of 2024. No exceptions.
What to do with this
- Configure SPF + DKIM + DMARC on every sending domain, missing any one drops deliverability hard post-2024 Gmail/Yahoo rules
- Start DMARC with p=none for monitoring, tighten to quarantine or reject only after 2-4 weeks of clean authentication data
- Test at mail-tester.com, require 9+/10 score before scaling to real sends
- Monitor Gmail Postmaster + Microsoft SNDS weekly, they're the canonical window into each mailbox provider's reputation view
- Keep DNS records in sync when you migrate ESPs, orphaned or wrong records tank deliverability silently