---
title: "How To Set Up SPF, DKIM, And DMARC For Your Domain? | DMARC Report"
description: "Cyberattacks have become so frequent and sophisticated that it is nearly impossible to completely evade them."
image: "https://dmarcreport.com/og/blog/how-to-set-up-spf-dkim-dmarc-for-your-domain.png"
canonical: "https://dmarcreport.com/blog/how-to-set-up-spf-dkim-dmarc-for-your-domain/"
---

Quick Answer

Cyberattacks have become so frequent and sophisticated that it is nearly impossible to completely evade them. But that does not mean you cannot protect your domain at all, or that all your security efforts will be deemed futile. What you can do is make it difficult for the attackers to misuse your domain for malicious purposes, such as sending phishing.

Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fhow-to-set-up-spf-dkim-dmarc-for-your-domain%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=How%20To%20Set%20Up%20SPF%2C%20DKIM%2C%20And%20DMARC%20For%20Your%20Domain%3F&url=undefined%2Fblog%2Fhow-to-set-up-spf-dkim-dmarc-for-your-domain%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fhow-to-set-up-spf-dkim-dmarc-for-your-domain%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fhow-to-set-up-spf-dkim-dmarc-for-your-domain%2F&title=How%20To%20Set%20Up%20SPF%2C%20DKIM%2C%20And%20DMARC%20For%20Your%20Domain%3F "Share on Reddit") [ ](mailto:?subject=How%20To%20Set%20Up%20SPF%2C%20DKIM%2C%20And%20DMARC%20For%20Your%20Domain%3F&body=Check out this article: undefined%2Fblog%2Fhow-to-set-up-spf-dkim-dmarc-for-your-domain%2F "Share via Email") 

![Set Up SPF, DKIM, And DMARC For Your Domain](https://media.mailhop.org/dmarcreport/images/2026/04/dmarc-report-8207.jpg) 

## Try Our Free DMARC Checker

Validate your DMARC policy, check alignment settings, and verify reporting configuration.

[ Check DMARC Record → ](/tools/dmarc-checker/) 

![SPF, DKIM, And DMARC](https://media.mailhop.org/dmarcreport/images/2026/04/what-is-dmarc-3944-150x150.jpg) DMARC Report How To Set Up SPF, DKIM, And DMARC For Your Domain? Play Episode Pause Episode ![Loading](https://dmarcreport.com/wp-content/plugins/seriously-simple-podcasting/assets/css/images/player/images/icon-loader.svg)

Mute/Unmute Episode Rewind 10 Seconds 1x Fast Forward 30 seconds 00:00 / 2:18

Subscribe Share

RSS Feed Share Link Embed

[Cyberattacks](https://www.aljazeera.com/news/2026/3/11/iran-linked-hackers-hit-medical-giant-stryker-in-retaliatory-cyberattack) have become so frequent and sophisticated that it is nearly impossible to completely evade them. But that does not mean you cannot **protect your domain at all**, or that all your security efforts will be deemed futile. What you can do is make it difficult for the attackers to misuse your domain for malicious purposes, such as sending [phishing emails](https://www.cnbc.com/2019/03/27/phishing-email-scam-stole-100-million-from-facebook-and-google.html) or impersonating your business. 

One of the best ways to ensure your [email ecosystem](https://www.axigen.com/mail-server/articles/tag/email-ecosystem/) is secure and that your outgoing emails reach their recipients securely is to implement **SPF, DKIM, and DMARC** for your domain. These [email authentication](/blog/why-email-security-matters-and-how-to-get-it-right/) protocols work together to verify whether the email was actually sent by you or an authorized sender. If not, the receiving server can either flag the message or reject it, depending on the policy you have configured.

In this article, we will understand what these email authentication protocols do and how to configure them to create a more secure email environment, **improve email deliverability**, and reduce the risk of [phishing and spoofing attacks](https://www.msspalert.com/brief/novel-usps-spoofing-phishing-attack-relies-on-malicious-pdfs).

## What is SPF and how can you set it up?

![SPF Record Syntax Explained](https://media.mailhop.org/dmarcreport/images/2026/04/dmarc-check-6422.jpg) 

[Sender Policy Framework (SPF)](/what-is-spf/) is the first line of defence in your email authentication setup. This authentication standard allows you to define which sending servers and addresses are authorized to send emails on your behalf. This helps the **receiving server verify** that the incoming email is from an authorized source. 

To set up SPF, you first need to publish a [TXT record](https://www.digicert.com/faq/dns/what-is-a-txt-record) in your **domain’s DNS**. This record should contain all your authorized sending sources that send emails on behalf of your domain.

A basic SPF record should look like:

```
v=spf1 include:_spf.google.com ~all
```

Here, “**include:\_spf.google.com**” specifies that Google’s [mail servers](https://www.activecampaign.com/glossary/mail-server) are authorized to send emails on your behalf, while \~all tells receiving servers to [treat emails](https://www.globaldayofunplugging.org/unplug-blog/how-to-treat-ie-ignore-your-emails-for-a-relaxing-vacation) from any unauthorized sender as suspicious.

_It might seem like SPF is only about listing all the authorized sources and publishing them in the DNS, but that’s only one part of the process._ While you’re listing your legitimate servers, make sure that you include every **email service** or [third-party platform](https://www.lawinsider.com/dictionary/third-party-platforms). Missing out on even a single sender might cause your legitimate emails to fail SPF checks and get sent to spam or rejected completely. At the same time, adding too many services without properly managing your [SPF record](/blog/how-to-configure-microsoft-365-spf-records-for-secure-email/) can exceed [DNS lookup limits](https://developers.cloudflare.com/dmarc-management/dns-lookup-limits/), leading to SPF failures.

If your SPF record is running into errors or your emails are failing SPF checks, you can use [DMARCReport’s SPF record lookup tool](/tools/spf-checker/) to identify missing senders, syntax issues, or DNS lookup limit problems.

## What is DKIM and how can you set it up?

![How DKIM Authentication Works](https://media.mailhop.org/dmarcreport/images/2026/04/gmail-dmarc-9705.jpg) 

DKIM, or [DomainKeys Identified Mail](/blog/dkim-best-practices-essential-guidelines-for-email-authentication/), is an authentication protocol that adds a [digital signature](https://www.techtarget.com/searchsecurity/definition/digital-signature) to your**outgoing emails** to prove to the receiving server that the email sent from your domain is indeed authentic and hasn’t been tampered with along the way. 

So, when the email reaches the receiving server, it compares the [DKIM signature](https://docs.mapp.com/docs/dkim-signature) in the [email header](https://www.campaignmonitor.com/resources/knowledge-base/what-is-an-email-header/) with the public key published in your DNS. If the two match, the email passes the **DKIM check**.

To set up DKIM for your domain, first head over to your [email service provider’s](https://www.icontact.com/define/email-service-provider/) admin console, where you can generate the public key. Once you have the selector name and [public key](https://www.coursera.org/in/articles/public-key) provided by the ESP, add them to your domain’s **DNS as a TXT record**. _After the DNS record is published, go back to your email provider’s admin console and enable DKIM signing for your domain._ From that point on, all your emails will be signed with DKIM. 

However, if your emails are failing DKIM checks or your DKIM record is not configured correctly, you can run your DKIM record through [DMARCReport’s DKIM Record Lookup tool](/tools/dkim-lookup/) to **identify syntax issues**, missing selectors, or invalid public keys.

## What is DMARC and how can you set it up?

![DMARC Policies Explained](https://media.mailhop.org/dmarcreport/images/2026/04/dmarc-analyzer-6581.jpg) 

[DMARC](/) (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM by telling the receiving servers how they should tackle the emails that fail authentication checks. In other words, it allows you to decide what to do with the emails that fail both **SPF and DKIM checks**. You can either get them delivered as is, [send them to spam](https://cybernews.com/news/microsofts-breach-notification-emails-end-up-in-spam-folder/), or reject them altogether. 

To configure DMARC, you need to publish a TXT record in your domain’s DNS. This record defines your [DMARC policy](/blog/what-is-a-dmarc-policy-and-how-does-it-affect-sending-my-emails/) and tells receiving servers how to handle emails that fail authentication checks.

Here’s what a DMARC record looks like:

```
“v=DMARC1; p=none; rua=mailto:reports@example.com”
```

_Here, “p=none” is the policy you define that determines what happens to the unauthenticated emails._

In this case, ‘none’ means the emails will still be delivered, but you will receive [DMARC reports](/blog/how-to-read-dmarc-reports-guide-2026/) about them.

![The Definitive Guide to Domain Authentication Protocols](https://media.mailhop.org/dmarcreport/images/2026/04/what-is-dmarc-7953.jpg) 

Once you are confident that all your legitimate senders are properly configured for SPF and DKIM, you can change the **policy to quarantine**, which sends suspicious emails to spam, or reject, which blocks them completely.

If your DMARC record is not working as expected, you can use [DMARCReport’s DMARC Record Checker](/tools/dmarc-checker/) to check alignment settings, **verify reporting configuration**, and detect duplicate records or missing authorization.

While configuring email authentication protocols is not as complicated as it seems, even a small mistake in SPF, DKIM, or DMARC records can affect your [email deliverability](/blog/improve-email-deliverability-dmarc-spf-dkim-alignment-check-guide/) and leave your domain exposed to phishing or spoofing attacks. This is why it is important to **regularly monitor your records** and leverage the right tools that help you identify the gaps before they become a major problem. 

You can rely on DMARCReport’s suite of email authentication tools to monitor your SPF, DKIM, and DMARC records, spot any configuration issues, and **protect your domain** against [email-based attacks](https://www.trendmicro.com/vinfo/us/security/news/threat-landscape/email-threat-landscape-report-evolving-threats-in-email-based-attacks). To know more about our tools, [get in touch with us](/contact/)!

## Topics

[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ dmarc record ](/tags/dmarc-record/)[ SPF ](/tags/spf/) 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Uncategorized 3m  4 situations in which you should use the DMARC’s p=none policy  Nov 13, 2024 ](/blog/4-situations-when-to-use-dmarc-p-none-policy-effectively/)[  Uncategorized 8m  Best DMARC Tools for 2025  Oct 9, 2025 ](/blog/best-dmarc-tools-for-2025/)[  Uncategorized 13m  What are the best practices for setting a strict DMARC policy when sending to Gmail addresses?  Mar 12, 2026 ](/blog/best-practices-setting-strict-dmarc-policy-sending-gmail-addresses/)[  Uncategorized 12m  What are the common problems a DMARC generator can help me discover and fix?  Feb 27, 2026 ](/blog/common-problems-dmarc-generator-helps-discover-and-fix/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"How To Set Up SPF, DKIM, And DMARC For Your Domain?","description":"Cyberattacks have become so frequent and sophisticated that it is nearly impossible to completely evade them.","url":"https://dmarcreport.com/blog/how-to-set-up-spf-dkim-dmarc-for-your-domain/","datePublished":"2026-04-24T14:41:35.000Z","dateModified":"2026-04-24T14:41:39.000Z","dateCreated":"2026-04-24T14:41:35.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/how-to-set-up-spf-dkim-dmarc-for-your-domain/"},"articleSection":"uncategorized","keywords":"dkim, DMARC, dmarc record, SPF","wordCount":990,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2026/04/dmarc-report-8207.jpg","caption":"Set Up SPF, DKIM, And DMARC For Your Domain","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Uncategorized","item":"https://dmarcreport.com/uncategorized/"},{"@type":"ListItem","position":4,"name":"How To Set Up SPF, DKIM, And DMARC For Your Domain?","item":"https://dmarcreport.com/blog/how-to-set-up-spf-dkim-dmarc-for-your-domain/"}]}
```