Appearance
Fixing SPF, DKIM & DMARC Failures
Overview
SPF, DKIM, and DMARC are essential DNS records used to validate your emails and prevent them from being marked as spam. If these fail, your emails may not be delivered correctly.
What Are SPF, DKIM & DMARC?
- SPF (Sender Policy Framework): Lists the servers allowed to send mail for your domain.
- DKIM (DomainKeys Identified Mail): Digitally signs your emails to verify authenticity.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): Enforces SPF/DKIM rules and instructs receivers what to do with failed emails.
Common Causes of Failure
| Failure Type | Likely Reason | Fix |
|---|---|---|
| SPF fail | No SPF record or wrong sending IPs | Add correct v=spf1 record including your mail server IP/domain |
| DKIM fail | DKIM record not published or misconfigured | Check for default._domainkey TXT record and verify private key use |
| DMARC fail | SPF or DKIM failed and policy is strict | Add a v=DMARC1 TXT record with appropriate policy (p=none to start) |
| All pass but mail goes to spam | Low domain reputation or missing PTR records | Authenticate and warm up your domain, ensure PTR record exists |