What authentication is required (SPF, DKIM, DMARC)?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Gmail and Yahoo's 2024 sender requirements made authentication non-negotiable for anyone sending at scale. If you're bulk-mailing without solid SPF, DKIM, and DMARC records, you're already behind. Here's what you actually need.
SPF tells mailbox providers which servers are allowed to send email from your domain. DKIM digitally signs each message so providers can verify the message actually came from you. DMARC ties SPF and DKIM together and tells providers what to do if either one fails. At minimum, you need valid DMARC set to at least p=none. (Yes, that bare minimum counts.)
Here's the alignment part that trips up everyone. SPF or DKIM must align with your From header domain for DMARC to pass. Misalignment is common when you're sending through a third-party platform. If Mailchimp is handling your sending, your DKIM alignment needs to match your From domain, not Mailchimp's infrastructure domain. That's the distinction that breaks deliverability for newbies.
Ready to check your current setup? Use a free SPF checker, DKIM checker, and DMARC generator to validate what you've got right now.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.