Why are legitimate emails going to SPAM? (DMARC, DKIM, SPF)

Frustrated? I'd say you are very upset.

Are you sending legitimate emails but they go to SPAM or outright blocked? In this article, we'll discuss the power of DKIM, DMARC and SPF. And why you need to have all 3 configured.

What are DKIM, SPF and DMARC?

DKIM (DomainKeys Identified Mail) is the "Content Authenticity Signature of Approval". In other words, DKIM is a method to verify that the messages’ contents are trustworthy. We want to make sure that the email and it's content hasn't been tampered with or changed from the moment the message leaves the "origin" mail server.  DKIM uses a public/private key signing process where owners of the domain add a DNS entry with the public DKIM key. The recipients mail provider will then use this key to verify that the message DKIM signature is correct. The origin (or sender) signs the email with the corresponding private key and thus the public/private key validation. REQUIRED

SPF (Sender Policy Framework) is the most important of the three. This DNS text entry shows a list of servers that are allowed to send mail for a specific domain. Because DNS entries are entered by an administrator they imply an authoritative acknowledgement and validity. If email originates from an IP Address not specified in the SPF entry they are considered to be SPAM and blocked. Remember, admins are trusted individuals and because they are only allowed to add/change that DNS entries we consider this to be a primary measure of 'valid emails'. REQUIRED

DMARC (Domain-based Message Authentication, Reporting and Conformance) provides the domain owner with reports about the domain. It compliments SPF and DKIM by stating a clear notification/alerting/reporting policy. Once configured reports are then sent to an email address. REQUIRED

How do I configure DKIM, DMARC and SPF?

All three are configured as DNS entries - you must be an administrator of the domain with access to the DNS (domain name server).

For DKIM setup we recommend following:


For SPF setup we recommend following:


For DMARC we recommend following:


If you have further questions or want help, please contact us.

Leave your comment