Skip to main content
Gmail: How to set up your DKIM, SPF and DMARC

Increase your chances to land in the primary tab by setting up your DKIM, SPF and DMARC records

Updated over a month ago

Implementing DKIM, SPF, and DMARC configurations is vital for safeguarding your reputation and enhancing email deliverability, thereby increasing the likelihood of receiving responses when reaching out to creators.

Before delving into the details, it's important to understand that DKIM, SPF, and DMARC records are integral components found in your DNS settings within your domain provider (e.g., GoDaddy, SquareSpace, Namecheap, etc.). It's essential to note that these settings are managed on your domain provider's end, not by Upfluence.

  • DKIM and DMARC authentication is required beginning February 2024 following upcoming changes by Gmail and Yahoo regarding authentication requirements. Upfluence highly recommends all senders set up DKIM and DMARC.

  • Before doing these modifications, please, contact your IT department to make sure it has already been done. It's a requirement that apply to all companies that are bulk sending emails with third-party tools (cold mailing, SDR emails, etc.).

Why do you need DMARC, SPF and DKIM?

Phishing and email spam pose significant risks for hackers to infiltrate networks. Clicking on a malicious email attachment by a single user can jeopardize an entire enterprise with ransomware, data leaks, or privilege escalation exploits. It's less known why enterprises require protocols like DKIM, DMARC, and SPF to secure their email infrastructures. These protocols complement each other, and most businesses likely require all three. Instructions for implementing DKIM are available for Google and cPanel users, including guidance on generating domain keys and configuring DNS records. Validate the DKIM keys in your email headers using an online tool after implementation.

How to set them up?

This tutorial has been made for Gmail users only.

DKIM

  • Log in to Google Admin: admin.google.com

  • In the Admin console, go to Menu ➡️ Apps ➡️ Google Workspace ➡️ Gmail.

  • Generate a DKIM Key.

  • Create a DNS TXT Record with the DKIM key generated in the previous step.

  • For this, you will need to go to your domain provider. e.g. GoDaddy, Squarespace, Namecheap, etc.

  • After creating the DNS TXT record in your domain with the DKIM Key, you can start Authenticating.


SPF

  • Sign in to your domain account on your domain host's site (not your Google Admin Console). This can be GoDaddy, Squarespace, Namecheap, etc.

  • Go to the page for updating your domain’s DNS records. DNS Management, Name Server Management, or Advanced Settings.

  • Find your TXT records and check if your domain has an existing SPF record. The SPF record starts with “v=spf1…”.

  • If your domain already has an SPF record, please check with your IT and/or provider.

One domain cannot have more than 1 SPF record. So deleting the one that is already there is not always the best choice since it might cause issues with other tools you're using. Instead, you want to include more providers to your existing SPF.

Example

  • Let's say that you already have an SPF that is including Salesforce at the moment.
    It looks like this: v=spf1 include:_spf.salesforce.com ~all

  • Now what you want to do is also to include google in this SPF since Google is your email provider.

  • You want to modify the existing SPF so it now looks like this:

v=spf1 include:_spf.google.com include:_spf.salesforce.com ~all
  • Create a TXT record with these values:

    • Name/Host/Alias - Enter @ or leave blank

    • Other DNS records for your domain might indicate the correct entry.

    • Time to Live (TTL) - Enter 3600 or leave the default.

    • Value/Answer/Destination - Enter v=spf1 include:_spf.google.com ~all

Again, careful, the example of value above will work only if Google is your email provider.

If your email provider is not Google, please double-check with your email provider what is the correct value to use, we cannot confirm on our end.

This can take up to 72 hours to take effect.


DMARC

  • Go to your domain administrator’s site. Find DNS Management or Settings.

  • Add this TXT record to your DNS:

    • Host Name: _dmarc

    • VALUE (with email): Minimum VALUE is: v=DMARC1; p=none; rua=mailto:example@example.com;

      • OR v=DMARC1; p=quarantine; rua=mailto:example@example.com; pct=90; sp=none

      • OR VALUE (without email): v=DMARC1; p=quarantine; pct=90; sp=none

IMPORTANT

  • If you do not currently have a DMARC policy in place, we suggest starting with p=none

VALUE (with email): Minimum VALUE is: v=DMARC1; p=none; rua=mailto:example@example.com;
  • However, your DMARC policy has been set for a number of months, and you have had the chance to review who is sending email under your brand name and determine which of those are legitimate—and which are not. In this case, p=quarantine might be good for you.

VALUE: v=DMARC1; p=quarantine; rua=mailto:example@example.com; pct=90; sp=none

OR

VALUE: v=DMARC1; p=quarantine; pct=90; sp=none

Please, discuss it with your IT department.

Please always replace our example emails by one that actually exists and belongs to you.

The email version will send reports to whatever email you put in there.

Did this answer your question?