Email authentication sounds technical, but it's essential for deliverability. Here's the step-by-step setup.
Why This Matters
Without proper authentication:
- Emails land in spam more often
- Your domain can be spoofed by bad actors
- Receiving servers don't trust you
SPF Setup (10 minutes)
SPF tells the world which servers can send email from your domain.
Step 1: Go to your DNS provider (GoDaddy, Cloudflare, etc.)
Step 2: Add a TXT record:
- Name/Host: @ (or leave blank)
- Value: `v=spf1 include:_spf.google.com ~all`
(Replace with your email provider's SPF include)
Step 3: Wait for propagation (up to 48 hours, usually faster)
Common SPF includes:
- Google: `include:_spf.google.com`
- Microsoft: `include:spf.protection.outlook.com`
- Mailchimp: `include:servers.mcsv.net`
DKIM Setup (15 minutes)
DKIM adds a cryptographic signature to prove your emails are legit.
Step 1: Generate DKIM keys in your email provider's admin panel
Step 2: Add the TXT record they provide to your DNS
Step 3: Enable DKIM signing in your email settings
Step 4: Test with [mail-tester.com](https://www.mail-tester.com)
DMARC Setup (10 minutes)
DMARC tells receiving servers what to do when SPF/DKIM fail.
Start with monitoring mode: Add this TXT record:
- Name: _dmarc
- Value: `v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com`
After 2-4 weeks of clean reports, tighten: `v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com`
Eventually move to reject: `v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com`
Verification
Use these tools to verify your setup:
- [MXToolbox SPF Check](https://mxtoolbox.com/spf.aspx)
- [Mail-Tester](https://www.mail-tester.com)
- [DMARC Analyzer](https://www.dmarcanalyzer.com)
Green checks across the board = you're good to go.
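As an added example (not part of the original guide or any provider's tooling), the Python below lints SPF and DMARC record strings offline before you publish them. The single-record rule, the 10-lookup limit and the `+all` check come from RFC 7208 rather than from this guide; the function names and sample records are constructed for illustration.

```python
import re

def lint_spf(txt_records):
    """Check TXT records from the domain apex; return a list of problems."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record found"]
    if len(spf) > 1:
        return ["multiple v=spf1 records: receivers treat this as a permanent error"]
    problems, terms = [], spf[0].lower().split()[1:]
    # Terms costing one DNS lookup each (limit 10). Only top-level terms are
    # counted here; lookups inside included records add to the real total.
    lookups = [t for t in terms if re.match(
        r"^[+\-~?]?(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))", t)]
    if len(lookups) > 10:
        problems.append(f"{len(lookups)} DNS-lookup terms, limit is 10")
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms and not any(t.startswith("redirect=") for t in terms):
        problems.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_terms and all_terms[-1] in ("all", "+all"):
        problems.append("'+all' authorizes every server on the internet")
    return problems

def lint_dmarc(record):
    """Parse the TXT record at _dmarc.<domain>; return (policy, findings)."""
    parts = [p.strip() for p in record.split(";") if p.strip()]
    tags = {k.strip().lower(): v.strip()
            for k, v in (p.split("=", 1) for p in parts if "=" in p)}
    findings = []
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        findings.append("first tag must be v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"invalid or missing p= tag: {policy!r}")
    if policy == "none":
        findings.append("p=none is monitoring only: failing mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports to review")
    return policy, findings

# Constructed sample records, modelled on the ones in this guide.
GOOD_SPF = ["v=spf1 include:_spf.google.com ~all", "site-verification=constructed"]
DUP_SPF = ["v=spf1 include:_spf.google.com ~all", "v=spf1 include:servers.mcsv.net ~all"]
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com"
REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com"

if __name__ == "__main__":
    print("SPF good:", lint_spf(GOOD_SPF) or "ok", "| duplicate:", lint_spf(DUP_SPF))
    print("DMARC:", lint_dmarc(MONITOR), lint_dmarc(REJECT))
```

The duplicate-record case is the one most often hit when a second sending service is added: merge both `include:` terms into a single `v=spf1` record instead of publishing two.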