Skip to main content
All CollectionsIntegrations - Connect your accountsEmail integration
How to set up DKIM, SPF, and DMARC for secure email authentication
How to set up DKIM, SPF, and DMARC for secure email authentication

Improve email deliverability and security with these essential setup steps

Updated over a week ago

Before you begin

These settings must be configured through your domain provider, not within Upfluence.

DKIM and DMARC authentication are required by Gmail and Yahoo to improve email security, prevent spam, and verify that senders own the domain they are sending emails from. We highly recommend setting up these protocols to ensure your emails are successfully delivered.

📌 Check with your IT team before making any changes to ensure these settings haven’t already been implemented. These configurations are required for businesses sending bulk emails through third-party tools (e.g., cold outreach, SDR emails).

Why do you need DMARC, SPF and DKIM?

Email authentication enhances security, prevents phishing, and protects your domain from being spoofed. Here’s how each protocol helps:

  • DKIM (DomainKeys Identified Mail): Ensures your emails remain unaltered during transit.

  • SPF (Sender Policy Framework): Verifies which mail servers can send emails on behalf of your domain.

  • DMARC (Domain-based Message Authentication, Reporting & Conformance): Prevents unauthorized use of your domain and improves email deliverability.

After setting up DKIM, use an email header analysis tool to validate your keys.

How to set up email authentication (for Gmail users)

1. Setting up DKIM

  1. In the Admin console, go to Menu ➡ Apps ➡ Google Workspace ➡ Gmail.

  2. Generate a DKIM Key.

  3. Create a DNS TXT Record using the generated DKIM key within your domain provider’s settings (e.g., GoDaddy, Squarespace, Namecheap).

  4. Authenticate the DKIM key in Google Admin.

📖 Google tutorial: Set up DKIM

2. Setting up SPF

  1. Log in to your domain provider’s account (e.g., GoDaddy, Squarespace, Namecheap).

  2. Navigate to DNS settings (this may be called "DNS Management," "Name Server Management," or "Advanced Settings").

  3. Check your existing TXT records to see if an SPF record already exists (it will start with v=spf1).

    • If an SPF record already exists, consult your IT team. Instead of deleting it, add Google to the existing record.

    • If no SPF record exists, create a new TXT record with the following details:

      Name/Host/Alias: @ or leave blank
      TTL: 3600 (or default)
      Value: v=spf1 include:_spf.google.com ~all (Only if Google is your emailprovider!)

    • The record shall look similar to the example below

      v=spf1 include:_spf.google.com include:_spf.salesforce.com ~all

Note: SPF changes may take up to 72 hours to take effect.

3. Setting up DMARC

  1. Log in to your domain provider’s DNS settings.

  2. Create a new TXT record with the following details:

    Host Name: _dmarc

    Value (with email reporting):
    v=DMARC1; p=none; rua=mailto:your-email@example.com;

    Alternative (with stricter enforcement):
    v=DMARC1; p=quarantine; rua=mailto:your-email@example.com; pct=90; sp=none

    If you do not want email reports, use:
    v=DMARC1; p=quarantine; pct=90; sp=none

🚨 Important: If this is your first time setting up DMARC, start with p=none to monitor activity before enforcing stricter policies. Discuss with your IT team before making adjustments.

4. Final step: Verify your settings

  • Ensure all email addresses in the setup are valid and belong to your organization.

  • Use an email authentication testing tool to check DKIM, SPF, and DMARC settings.

Did this answer your question?