SPF & DKIM records
Learn more about SPF & DKIM records as well as how to add them correctly
Lina avatar
Written by Lina
Updated over a week ago

We could bet that you, as a marketer, already know of the acronyms SPF & DKIM. But what do they really mean, and how can they benefit you? Now is the perfect time to learn about SPF & DKIM and set them up in your DNS records for your email server to have better control over your email deliverability.


About SPF record

SPF (Sender Policy Framework) is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send emails from that domain. Brands, sending their emails using different services need to publish SPF records in the DNS (Domain Name System). These records list which IP addresses are authorized to send an email on behalf of their domains.

During the SPF check, email providers verify the SPF record by looking up the domain name, listed in the “envelope from” address in the DNS. If the IP address sending an email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication.

Reasons to implement

If a domain publishes an SPF record, spammers and phishers are less likely to forge emails pretending to be from that domain, because the forged emails are more likely to be caught in the spam filters that check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Because an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate email from the domain is more likely to get through to your customer.

Duplicate SPF TXT records

A commonly violated aspect of SPF is that one domain may only have a single SPF record. Why are multiple SPF records so common? Part of the cause is that when an organization deploys different services, each provider often instructs them to create an SPF record. For organizations that have multiple SPF records, this is easily resolved by merging the records into a single statement. For example, if you had the following two records to authenticate:

Two SPF Records

“v=spf1 include:_spf.google.com ~all”

“v=spf1 include:mailgun.org ~all”

Two SPF Records Combined

“v=spf1 include:mailgun.org include:_spf.google.com ~all”

About DKIM record

DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message in a way that can be verified by the mailbox providers. This verification is made possible through cryptographic authentication. The primary advantage for e-mail recipients is that it allows to reliably identify a stream of legitimate email, thereby allowing domain-based blacklists and whitelists to be more effective. This is also likely to make certain kinds of phishing attacks easier to detect.

DKIM lets an organization take responsibility for a message while it is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery or not.

Adding SPF & DKIM records

Below you will find a list of the most popular DNS providers. By clicking on the DNS provider name you can find tutorials or basic information on How to add the given records to your provider. 

Important note: when you search for a tutorial on how to add records keep in mind that you need to look only at the TXT format parts. 

Amazon (SPF and DKIM)

Don’t know who your DNS provider is? You can easily find it out here.

To check if your records are added correctly, we recommend you to follow this link and paste your domain name in both SPF and DKIM parts. If something is not correct, you will be able to see all errors there.

Final touches

A domain signature at Omnisend is free of charge for all users.

Important note: To add SPF and DKIM records you need to think of a domain name you would like to use. You will need to add our provided records to your DNS so we recommend using your store name. Also, for Automation emails, you can sign a subdomain or use the same domain, subdomain could be @news.domainexample.com; @email.domainexample.com; @shop.domainexample.com and etc. The process of signing a subdomain is the same as with signing a domain. You will need to add our provided records to the subdomain in your DNS.

Always remember, using authentication will not guarantee that every email will reach your client’s inbox - you need to focus on improving your email deliverability! However, it preserves your brand reputation and makes sure you have the best possible chance of having your messages reach their intended destination.


Something is wrong with DKIM records

If you are using GoDaddy as your DNS provider and while checking if the records are added correctly you can not see any information about DKIM, take a better look at the "Name" part. We provide you with a fully-qualified name that ends with your domain name, DO NOT include your domain name in the “Name” field when you add the TXT record. If you are given something._domainkey.yourdomain.com only enter something._domainkey. in the “Name” field.

SPF records are not found

  • This is a common issue if you have more than one SPF record added in your DNS. In such cases, we recommend that you combine those records. Go back to Duplicate SPF TXT records part where you will find an example of how combined records should look.
    Use this service to verify the number of the SPF records: https://dmarcian.com/spf-survey/

  • If you are trying to add an SPF record for Subdomain, skip the main domain and include only Subdomains' name in a "Name" part.

  • Also, in some cases, you might be asked to add only the @ symbol instead of the record name. In the DNS zone, @ - represents the domain, so it might be sufficient to replace it with the @ sign.

Did this answer your question?