Guide
DNS Guide: SPF, DKIM and DMARC
Complete email authentication setup walkthrough. The 3 DNS records every sender needs.
Three DNS records protect your domain reputation and stop spammers from forging email from your address. Set them up once - they pay back forever.
SPF
Lists which mail servers can send email from your domain. -all means strict: anything not listed is rejected.
Record Type
TXT
Name / Host
@ (root domain)
Value
v=spf1 include:spf.brevo.com -all
DKIM
Cryptographic signature that proves the email was not tampered with in transit. Get the public key from your email provider dashboard.
Record Type
TXT
Name / Host
mail._domainkey
Value
v=DKIM1; k=rsa; p=<public_key_from_provider>
DMARC
Policy + reporting. Start with p=none to monitor for 2 weeks, then move to p=quarantine, finally p=reject when confident.
Record Type
TXT
Name / Host
_dmarc
Value
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
Verification
Use these free tools to verify your records propagated correctly:
- - MXToolbox SuperTool - all-in-one DNS lookup
- - Mail Tester - send a test email and get a deliverability score
- - Google Postmaster Tools - track your sender reputation at Gmail