What Is SPF, DKIM, and DMARC?
Three DNS-based email authentication standards that prove to receiving mail servers that your emails are legitimate and authorised.
SPF, DKIM, and DMARC are three complementary email authentication protocols implemented as DNS records. Together, they prove to receiving mail servers that an email genuinely originates from the domain it claims and hasn't been tampered with in transit. All three are required for modern cold email deliverability.
SPF (Sender Policy Framework)
SPF is a DNS TXT record at your domain root that lists which mail servers are authorised to send email on behalf of your domain. When a receiving server gets an email from your domain, it checks whether the sending server's IP is listed in your SPF record.
Example SPF record: v=spf1 include:_spf.google.com include:sendingplatform.com ~all
The ~all suffix means "softfail" — mark unapproved senders as suspicious. Use -all for "hardfail" (reject) once your DMARC is in place.
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to every outgoing email, verified using a public key published in your DNS. If the email was modified in transit, the signature fails. Each sending platform (Google Workspace, Outlook, SMTP provider) needs its own DKIM key pair — you publish the public key in DNS at selector._domainkey.yourdomain.com.
DMARC (Domain-based Message Authentication, Reporting and Conformance)
DMARC defines what receiving servers should do when SPF or DKIM fails. It also requires "alignment" — the domain in the From: header must match the domain that passed SPF or DKIM.
DMARC progression: start with p=none (reporting only) → p=quarantine (spam folder for failures) → p=reject (block failures entirely). Monitor DMARC aggregate reports during each phase.
Google and Yahoo 2024 requirements
Since February 2024, both Google and Yahoo require DMARC at p=none minimum for bulk senders (5,000+ emails/day). SPF and DKIM are required for all senders. Spam rate must stay below 0.10% in Google Postmaster Tools.
Related terms
Put SPF, DKIM, and DMARC into practice with YOG.io
YOG.io is a governed outbound platform — AI discovers verified contacts, AI drafts personalised sequences, and a human approves before every send.
Run your next outbound or marketing campaign from one governed system.
Import an audience, let AI prepare the message, approve the work, send from the right identity, and measure what happens next. One contact memory underneath every campaign.
No credit card · 14-day free trial · Governed by design