What authentication is required (SPF, DKIM, DMARC)?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Gmail and Yahoo's 2024 sender requirements made authentication non-negotiable for anyone sending at scale. If you're bulk-mailing without solid SPF, DKIM, and DMARC records, you're already behind. Here's what you actually need.

SPF tells mailbox providers which servers are allowed to send email from your domain. DKIM digitally signs each message so providers can verify the message actually came from you. DMARC ties SPF and DKIM together and tells providers what to do if either one fails. At minimum, you need valid DMARC set to at least p=none. (Yes, that bare minimum counts.)

Here's the alignment part that trips up everyone. SPF or DKIM must align with your From header domain for DMARC to pass. Misalignment is common when you're sending through a third-party platform. If Mailchimp is handling your sending, your DKIM alignment needs to match your From domain, not Mailchimp's infrastructure domain. That's the distinction that breaks deliverability for newbies.

Ready to check your current setup? Use a free SPF checker, DKIM checker, and DMARC generator to validate what you've got right now.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get a setup checklist for your authentication

I'm using your ESP name and sending from your domain. Can you walk me through what each authentication method does, why alignment matters, and how to know if mine are set up correctly? What should I check first?

Edit the yellow boxes, then send to the AI of your choice.