Are you finding that your emails to clients are landing in spam? Setting up your SPF, DKIM, and DMARC records properly is essential to making sure your emails get delivered and read.
Side note: This is fairly complex and technical, and no one ever really explains or walks you through it, but every business owner is expected to set it up. Isn't that crazy?
If you're getting hung up on anything below, please feel free to write into our chat and we'll get you un-stuck 😃
What are SPF, DKIM, and DMARC?
At a high level, SPF, DKIM, and DMARC are records you set up in your email and domain name servers to ensure that only you can send emails from your domain.
Together, they prevent Email spoofing (malicious actors sending fake emails that look like they come from your email), which is essential for keeping your email secure.
In February of 2024, Gmail and Yahoo imposed new requirements to make setting up these records even more important.
Given the sensitive nature of the content of your emails with your clients, we strongly recommend all firms set up these records.
How to set up SPF, DKIM, and DMARC for Google Workspace
SPF
Steps:
Add a TXT record to your DNS with the following values. If you already have an existing TXT record, update that record – do not add a second TXT record.
Host: @
Value: v=spf1 include:_spf.google.com ~allNote: the “@” sign is the DNS symbol for “all” - for a record to apply to your entire domain. Some DNS providers, such as Wix, may have you leave that value blank.
DKIM
Steps:
Get your DKIM key from your Google Admin Console (Menu → Apps → Workspace → Gmail) → Click Authenticate Email.
Select the domain where you want to set up DKIM → click Generate New Record.
Copy the values from here into a new TXT record in your DNS. If you already have an existing TXT record, update that record – do not add a second TXT record.
Go back to your Email settings in your Google Admin Console and click Start authentication.
DMARC
Steps:
Make sure you have already set up SPF and DKIM.
Add a new TXT record (or update your existing TXT record) with the following values:
Host: _dmarc Value: v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomainhere.com
Make sure to replace yourdomainhere.com with your applicable domain.
Testing your Email Deliverability
Once you have finished setting up your SPF, DKIM, and DMARC records, the last thing to do is test your email deliverability to make sure everything is working.
We recommend MX Toolbox for this.
To test whether your SPF/DKIM/DMARC records are set up properly:
Send an email from your connected practice email to ping@tools.mxtoolbox.com
Go to the results page.
If your results page looks shows you are DMARC compliant, SPF aligned/authenticated, and DKIM aligned/authenticated, your email is set up properly:
If any of the boxes are not checked and your results look like this instead, that means there's an issue with your setup:
These settings usually update quickly, but they can take up to 48 hours to fully sync. If you feel confident you completed the SPF/DKIM/DMARC set up correctly, wait a few hours and try the mail test again.