How to Set Up SPF, DKIM, and DMARC: A 10-Minute Guide

Introduction: Taking Control of Your Domain

You know you need them, but how do you actually *do* it? Setting up the 'Big Three'—**SPF, DKIM, and DMARC**—is arguably the most important technical task for any business owner. The good news? It’s not actually that hard once you understand where to put the pieces.

In this guide, we'll show you exactly how to configure your DNS settings to achieve perfect email authentication in about 10 minutes.

Step 1: Set Your SPF Record

Log into your DNS provider (like GoDaddy or Namecheap). Add a new **TXT record**. If you use Google Workspace, your record will be: v=spf1 include:_spf.google.com ~all. If you use multiple services, combine them carefully into a single TXT record.

Step 2: Generate Your DKIM Key

Most email providers (like Gmail or Microsoft 365) have a 'Security' or 'Mail Settings' section. Find 'DKIM' and click **Generate**. They will give you a specific string of code. Go back to your DNS provider and add a second **TXT record** (usually with the host named something like google._domainkey) and paste that code in.

Step 3: Add Your DMARC Policy

Finally, add one more **TXT record**. Start with a 'Monitoring' policy to avoid blocking your own mail by mistake. Use: v=DMARC1; p=none; rua=mailto:admin@yourdomain.com. Once you're confident (by checking the reports you receive), change p=none to p=quarantine or p=reject.

Conclusion

That's it! By adding these three simple lines to your DNS, you've done more for your security than 90% of other business owners. Your emails are now authenticated and ready for the inbox. Run a final health check here.