DKIM, SPF & DMARC – What is it and do you need it? 

To put it simply – these three things work together to protect you and others from attacks, and they are important for ensuring your email messages are delivered.

Here’s a breakdown of what the terms mean: 

SPF tells the internet what IP addresses or systems (such as Mailchimp, Google Workspace, Convertkit etc.) are allowed to send mail as you.  SPF (or Sender Policy Framework) was created over 20 years ago as a way to combat spammers and scammers. 

DKIM, or DomainKeys Identified Mail, is a system of digitally signing messages you send so that the recipient can trust that it really came from you.  It’s the technological equivalent of a wax seal stamp. 

DMARC, or Domain-based Message Authentication, Reporting and Conformance, works together with SPF and DKIM to tell the internet how to handle messages that are not compliant with SPF and/or not signed with DKIM.

What that means for you: if you don’t have DKIM, SPF, and DMARC set up, hackers can spoof your domain and attack you and/or other people. You also run the risk of your outgoing emails dropping into the spam folder or simply not being delivered.

Here are the 5 steps you need to take: 

  1. Set up DMARC Monitoring
    You’ll want to set up DMARC so you can start monitoring what systems are using your domain name to send emails. This involves creating a DNS record and using a service to receive and interpret the reports.
  2. Understand what systems your company uses to send email
    What domains are you currently using and where are you sending emails from? For example, if you send emails from Mailchimp you’ll need to set up SPF and/or DKIM in Mailchimp. If you’re sending emails through ClickUp, you’ll need to set that up too, and so on. 
  3. Set Up DKIM and/or SPF
    Set up DKIM and/or SPF for each of the systems you find in #1. Setting this up will require you to add records to DNS.
  4. Change Your DMARC Policy to Quarantine
    After you’ve properly configured all of your sending systems and have been monitoring for some time, change your policy to quarantine. This will cause any messages that fail compliance to not be delivered and instead be dropped into a quarantine or users’ spam folder.
  5. Change Your DMARC Policy to Reject
    Once you’ve quarantined for some time and everything looks good, you can move to reject. This will greatly reduce the chances that messages that are not compliant will be received. 

Not sure where to go from here? You can review Google’s Email Sender Guidelines or you can book a call with us to find out how we can help.
