🚨 Meet Google and Yahoo's new bulk email DNS requirements - Learn more

A Basic Guide to Understanding SPF & DKIM Records

SPF Hero


Have you struggled to understand these terms? If so, you’re not alone. SPF and DKIM are some of the most confusing types of DNS records.

What is SPF?

SPF—Sender Policy Framework—is used to prevent bad actors from sending emails that look like they’re from you. This can be bad for business. For one, it can tarnish your brand as people will associate you with spam tactics. Even worse, existing customers who have a trusting relationship with you can be subject to potential scams. 

These situations can be easily avoided, by properly configuring SPF. SPF is set up via your DNS server. This works by defining IP addresses that can be used to send emails from your domain. This way, only people who are “on the list” can attend the party and send emails with your domain attached. 

TLDR:No SPF Configured—anyone’s allowed in. 

SPF Configured—only people on your list can send emails for you.

Now, it can get a little more complicated since you might have MailChimp, Google Apps, or another application sending emails on your behalf. You’ll need to add these apps to your SPF record if applicable. 

Setting Up SPF:

  1. Check your SPF record. MxToolbox and Google Apps Toolbox can help you with this. You will see your current SPF or that it hasn’t been set up. 

  2. You will see a line of text representing your SPF:

    • “v=spf1 include:_spf.google.com ~all”

    • The first part—“v=spf1”—indicates that this is an SPF record.

    • The second part—“include:_spf.google.com”—this indicates all the mail servers that are authorized.

    • The third part—“~all”—this indicates that if an email is received from a source you haven’t listed, it can still be let through. However, it will likely be flagged as spam/suspicious.

    • Of course, if you’re using multiple apps, the line will be longer since it’ll have to include every app you’ve authorized.

Important things to note:

  • SPF records are technically TXT records.

  • You can’t have more than 10 email providers in a single SPF record

What is DKIM?

DomainKeys Identified Mail (DKIM) is another mechanism that prevents bad actors from sending emails from your domain. DKIM “signs” your emails so the receiver’s email server can check if the email has that signature or not.

To do this, a basic encryption process is implemented that uses a private key and a public key. The private key encrypts your signature in the header of your messages. The public key allows the recipients’ servers to decrypt your (hidden) signature from the header of the message. Having DKIM set up also has the positive effect of increasing the deliverability of your emails, including cold emails.

Setting up DKIM: First, you need to access your email provider’s admin console. Next, you need to generate a public key—how you do this will depend on the provider. 

You’ll need to copy and paste the generated txt record in the right place in your DNS records. Next, turn on email signing—this will enable sending emails with your encrypted signature.


Setting up SPF & DKIM will improve deliverability if you’re sending a lot of emails for inbound or outbound sales/marketing. If your domain is blacklisted (due to spam emails), your emails will automatically end up in recipients’ spam inboxes. As such, protecting your domain’s online reputation is critical to achieving and sustaining a high deliverability rate.  

While setting these up may seem complicated, you can be rest assured that using Entri will automate the process for you! Just make sure to check the boxes for SPF and DKIM and connect to the relevant 3rd party services.