Home Guides About Contact Privacy Terms

Beginner’s Guide to SPF, DKIM, and DMARC

Category: Guides Updated: 2026-02-15

Beginner’s Guide to SPF, DKIM, and DMARC

Email deliverability is not only about sending successfully, but also about trust. SPF, DKIM and DMARC are widely used authentication mechanisms that reduce spoofing and improve inbox placement. This guide explains what each one does and how to roll them out safely.

SPF: authorize sending servers

SPF is a DNS TXT record that tells recipients which IPs/hosts are allowed to send mail for your domain.

  • Typical form: v=spf1 ... ~all
  • Common pitfall: forgetting to include all providers that send on your behalf.

Common SPF patterns (ideas)

  • Only allow a specific IP: v=spf1 ip4:YOUR_IP ~all
  • Allow providers using include mechanisms provided by the vendor.

DKIM: cryptographic signatures

DKIM adds a signature header to messages. Recipients verify it using a public key stored in DNS (usually under selector._domainkey).

  • Generate a key pair: private key in your sending system, public key in DNS.
  • Most email providers (SES/SendGrid/Mailgun) provide ready-to-copy DNS records.

Selector tips

  • Use default or a versioned selector like s2026.
  • For rotation, publish a new selector first, switch signing, then retire the old one.

DMARC: policy and reporting

DMARC builds on SPF/DKIM and defines recipient handling (none/quarantine/reject) and reporting (rua/ruf).

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; adkim=s; aspf=s

Safe rollout

  1. Start with p=none for 1-2 weeks and monitor reports.
  2. Move to p=quarantine after you confirm alignment is correct.
  3. Use p=reject when you are confident you will not block legitimate mail.

How to verify

  • Send a test email and inspect headers for spf=pass, dkim=pass, dmarc=pass.

FAQ

Should I start with reject?

No. Start with p=none, monitor reports, then tighten gradually.

Why SPF passes but DMARC fails?

Often due to alignment rules between the From domain and SPF/DKIM identity, depending on relaxed/strict settings.

How does this relate to this project?

This project validates the “content and receiving flow” during development. SPF/DKIM/DMARC improve the “trust and deliverability” of production mail. Use both to cover end-to-end email quality.

← Back to guides ← Previous
Friend links: Baidu Sina © 2026 Temp Mail