Docs / DNS & Domains / How to Configure SPF DKIM and DMARC

How to Configure SPF DKIM and DMARC

By Admin · Feb 25, 2026 · Updated Apr 24, 2026 · 32 views · 1 min read

Overview

SPF, DKIM, and DMARC are email authentication mechanisms that prevent spoofing and improve deliverability. Together, they form a layered defense that tells receiving servers how to verify your emails.

SPF (Sender Policy Framework)

SPF specifies which servers are authorized to send email for your domain. Add a TXT record:

example.com.  IN  TXT  "v=spf1 mx a ip4:198.51.100.10 ~all"

Breakdown:

  • mx — allow servers listed in MX records
  • a — allow the IP in the A record
  • ip4:198.51.100.10 — explicitly allow this IP
  • ~all — soft-fail everything else (use -all for strict rejection)

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to outgoing emails. First, generate a key pair:

sudo opendkim-genkey -s mail -d example.com

Add the public key as a TXT record:

mail._domainkey.example.com.  IN  TXT  "v=DKIM1; k=rsa; p=MIGf..."

DMARC (Domain-based Message Authentication)

DMARC tells receiving servers what to do when SPF and DKIM checks fail:

_dmarc.example.com.  IN  TXT  "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100"

Policy options: none (monitor only), quarantine (mark as spam), reject (block entirely).

Testing Your Setup

Use tools like dig to verify your records:

dig TXT example.com
dig TXT mail._domainkey.example.com
dig TXT _dmarc.example.com

Was this article helpful?

Related Articles