SPF, DKIM and DMARC, explained without the jargon
The three DNS records that decide whether your email reaches the inbox — and how to set them up correctly the first time.
If your email lands in spam, these three records are usually why. Here's the plain-English version.
SPF — who is allowed to send
SPF is a DNS record listing which servers may send mail for your domain. Receiving servers check it. Keep it under 10 DNS lookups and end it with ~all (softfail) or -all (fail).
DKIM — proof it wasn't tampered with
DKIM adds a cryptographic signature to each message. The matching public key lives in DNS. If the signature verifies, the receiver knows the mail is really from you and wasn't altered.
DMARC — what to do when checks fail
DMARC ties SPF and DKIM together and tells receivers what to do with mail that fails: p=none (monitor), p=quarantine, or p=reject. Start at none, watch the reports, then tighten.
Check yours in 30 seconds
You don't have to guess — our free SPF, DMARC and blocklist tools inspect any domain and tell you exactly what to fix. No signup.
200 emails/day free forever, unlimited contacts, data in Germany.
Start free