SPF, DKIM & DMARC

SPF, DKIM, and DMARC are three email authentication DNS records that every cold email sender must configure before their first send. Together, they prove to receiving mail servers that you are legitimately authorized to send emails from your domain, dramatically reducing the chance of your emails being marked as spam or rejected.

SPF (Sender Policy Framework): A DNS TXT record that specifies which mail servers are authorized to send email on behalf of your domain. Example: if you send via Google Workspace, your SPF allows Google's servers. Unauthorized senders are rejected or flagged.

DKIM (DomainKeys Identified Mail): A cryptographic signature added to every email you send. The receiving server looks up your public key in DNS and verifies the email wasn't altered in transit and genuinely came from your domain.

DMARC (Domain-based Message Authentication, Reporting & Conformance): A policy that tells receiving servers what to do when SPF or DKIM checks fail — reject, quarantine, or allow. It also enables reporting so you can see who is sending email pretending to be your domain.