Back to Blog
Email Deliverability

SPF, DKIM, and DMARC Setup: A Non-Technical Guide for Sales Teams

Published March 5, 2026

Why Authentication Matters

As of 2025, Google and Microsoft reject or spam-folder emails from unauthenticated domains. If your outreach domain lacks SPF, DKIM, and DMARC, nobody sees your emails. Setup takes 30 minutes and costs nothing.

SPF: Who Can Send From Your Domain

What It Does

SPF tells receivers which servers are authorized to send from your domain. Without it, anyone can forge emails from your domain.

How to Set It Up

Log into your domain registrar (GoDaddy, Namecheap, Cloudflare). Navigate to DNS settings. Add a TXT record:

  • Type: TXT
  • Host: @ (or leave blank)
  • Value: v=spf1 include:_spf.google.com ~all (for Google Workspace)

For Microsoft 365: v=spf1 include:spf.protection.outlook.com ~all

Multiple senders? Combine: v=spf1 include:_spf.google.com include:sendgrid.net ~all

Verify

Use MXToolbox SPF lookup. Enter your domain — it should show your record with "pass."

DKIM: Proving Emails Are Authentic

What It Does

DKIM adds a cryptographic signature to every email. Receivers verify against a public key in your DNS.

Setup for Google Workspace

Admin console, then Apps, then Gmail, then Authenticate email. Click Generate New Record. Add the TXT record to DNS exactly as shown.

Setup for Microsoft 365

Microsoft 365 Defender portal, then Email and collaboration, then Policies. Verify DKIM shows "Enabled."

Verify

Send test email to Gmail. Open it, click three dots, "Show original." Look for "DKIM: PASS" in headers.

DMARC: The Policy Layer

What It Does

DMARC tells receivers what to do when SPF or DKIM fail. Also provides monitoring reports.

Setup

Add TXT record:

  • Host: _dmarc
  • Value: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; pct=100

Start with p=quarantine. After 30 clean days, upgrade to p=reject.

Verify

MXToolbox DMARC lookup should display your policy.

Common Mistakes

  • Multiple SPF records: Only ONE SPF TXT record per domain. Combine all includes.
  • Typos: One wrong character breaks everything. Copy-paste carefully.
  • Forgetting subdomains: If sending from mail.yourdomain.com, authenticate that subdomain too.
  • Skipping DMARC: SPF and DKIM without DMARC leaves a gap.

After Authentication

Focus on: domain warm-up to build reputation, list verification with Easy Email Finder to keep bounces near zero, and content best practices from our spam filter guide. Authentication is the foundation — build on it carefully.

Ready to find business emails?

Try Easy Email Finder free — get 5 credits to start.

Start Finding Emails

Related Posts

Email Deliverability

Gmail Is Now Rejecting Your Cold Emails: The 2026 DMARC/SPF/DKIM Survival Guide

Gmail and Yahoo have made email authentication mandatory. Here is exactly how to configure SPF, DKIM, and DMARC so your outreach actually reaches inboxes.

Read more →Email Deliverability

How to Warm Up Your Email Domain in 2026 (The 21-Day Playbook)

Skip domain warmup and your cold emails go straight to spam. Follow this exact 21-day playbook to build sender reputation the right way.

Read more →Email Deliverability

Email Verification: Why 40% of "Verified" Emails Still Bounce

You paid to verify your email list and still got a 15% bounce rate. Here is why email verification is fundamentally broken and what actually works.

Read more →