All about email health-- DMARC, SPF, and more

We know how important deliverability is to your business— it's important to us to! As email providers continue to implement new restrictions around sending, it's important that you ensure the security and authenticity of messages you're sending. For the most part, our team can assist in getting these protocols set up.

How do I see my domain's email health?

To check the status of your DNS, SPF, DMARC, and DKIM, we recommend using MXToolbox. Here, you'll also see if you're on any blacklists for sending, and other email related errors and protocols.

Does this apply to all email systems?

In general, these protocols apply to companies that have their own domain. We are not able to make any changes for domains that you do not have access to— essentially, you must be able to login to your domain manager and have access to your DNS zone.

If you're using non-professional domains like GMail, Yahoo, AOL, we are not able to make these changes.

How can Levitate help me out here?

Our Support team is able to assist in implementing these protocols for clients sending from their own domain. For DKIM, our team is able to assist with those on Google Workspace and Microsoft Office accounts. We're also happy to assist in taking a look at your email health and provide feedback!


Domain Name System

DNS serves as the backbone of the internet's addressing system, translating human-readable domain names into IP addresses. In the context of email, DNS plays a crucial role in storing various records essential for email authentication, such as SPF, DKIM, and DMARC records. These records provide instructions and cryptographic keys necessary for recipient servers to verify the authenticity of incoming email messages.

Setting up DNS

Ensure that your DNS records are correctly configured to include the necessary SPF, DKIM, and DMARC records. This is typically done through your DNS hosting provider's dashboard.


Sender Policy Framework

SPF is an email authentication protocol that helps prevent email spoofing. It works by allowing domain owners to publish a list of authorized mail servers in their DNS records. When an email is received, the recipient's server can check the SPF record of the sender's domain to verify if the sending server is authorized to send emails on behalf of the that domain. SPF helps in detecting and rejecting forged sender addresses, thereby reducing spam and phishing attempts.

Setting up SPF

SPF records are TXT records added to your domain's DNS zone file. Here's an example of an SPF record:

v=spf1 ~all

You'll need to replace '' with your actual domain.


DomainKeys Identified Mail

DKIM is a method for validating the authenticity of email messages. It works by adding a digital signature to the email header using cryptographic techniques. This signature is generated by the sending server, using a private key associated with the sender's domain. Upon receipt, the recipient's server verifies the signature using a public key retrieved from the sender's DNS records. DKIM helps in verifying that an email message was indeed sent from the claimed domain and that it hasn't been tampered with during transit.

Setting up DKIM

Setting up DKIM involves generating cryptographic keys and adding DNS records. Below is an example of how you would set up a DKIM record in your DNS zone file:

  1. Generate DKIM keys using your email service provider
  2. Add a TXT record to your DNS zone file with the DKIM public key. For example IN TXT "v=DKIM1; k=rsa; p=YourPublicKeyHere"

Replace '' with your domain and 'YourPublicKeyHere' with the public key provided by your email service provider.

For DKIM, our Support team is able to assist in implementing on Google Workspace and Microsoft Office.


Domain-based Message Authentication, Reporting, and Conformance

DMARC is an email authentication protocol that builds upon the SPF and DKIM mechanisms. It allows senders to specify policies for incoming emails, instructing recipient servers on how to handle messages that fail authentication checks. DMARC enables domain owners to protect their brand reputation and users from phishing attacks by providing instructions on how to handle unauthenticated emails.

Setting up DMARC

DMARC records are also TXT records added to your DNS zone file. Here's an example of a DMARC record:

v=DMARC1; p=quarantine;;; sp=reject;

This DMARC record instructs receiving servers to quarantine emails that fail DMARC checks ('p=quarantine'), sends aggregate reports to '' ('rua'), and forensic reports to '' ('ruf'). Replace '' with your actual domain.

Have questions? Ready to get started on beefing up your email health? Email us!

These examples provide a basic setup for SPF, DKIM, and DMARC. For comprehensive configuration and best practices, it's recommended to consult with your email service provider or IT specialist. Additionally, make sure to monitor and periodically review your email authentication settings to maintain email health and security.

Still need help? Contact Us Contact Us