SPF, DKIM & DMARC Generator

Understanding Email Authentication (SPF, DKIM, DMARC)

Modern email deliverability is built on trust. When you send an email, server-side filters at Gmail and Outlook ask one question: "How do I know this sender is who they say they are?" Without SPF, DKIM, and DMARC, your domain has no identity, and your emails are treated as potential phishing attacks or spam.

How the DNS Config Generator Works

Our tool simplifies the complex process of creating authentication records. By selecting your email provider (like Google or Microsoft), we automatically format the strings according to their specific requirements. We also help you configure DMARC policies—the instructions that tell receiving servers what to do with unauthenticated mail.

Benefits of Proper DNS Configuration

• Higher Deliverability: Verified domains are much less likely to be flagged as spam.
• Brand Protection: Prevent hackers from spoofing your domain for phishing.
• Improved Open Rates: Emails that land in the primary inbox get seen and opened.
• Compliance: Meet the 2024 requirements set by Google and Yahoo for bulk senders.

Step-by-Step: How to Generate Your Records

1. Enter Your Domain: Type your main sending domain (e.g., example.com).
2. Select Your Provider: Choose Gmail, Outlook, Zoho, or Custom.
3. Set DMARC Policy: Start with "None" for monitoring, then move to "Quarantine" as you gain confidence.
4. Copy Records: Click the copy button for each record type.
5. Add to DNS: Log in to your DNS provider (like GoDaddy or Cloudflare) and add these as TXT records.

Example DNS Records for Google Workspace

If you are using Google Workspace, your records should look approximately like this in your DNS provider:

Why Cold Emailers Need a 100% Valid Score

If you are doing B2B outreach, your volume is higher than a typical individual. This makes you a target for "Aggressive Spam Filtering." If even one of these three records is missing or misconfigured, your outreach will fail before it even starts.

Frequently Asked Questions

How to Add DNS Records to Popular Providers

Once you've generated your SPF, DKIM, and DMARC records using this tool, you need to add them to your domain's DNS settings. Here's how to do it on the most popular hosting platforms:

Cloudflare DNS Setup

Log in to your Cloudflare dashboard → Select your domain → Go to DNS → Records → Add Record. Choose type TXT, set the name field (@ for SPF/DMARC, or the DKIM selector for DKIM), paste the value, and click Save. Cloudflare DNS propagation is usually instant.

GoDaddy DNS Setup

Go to My Products → Click DNS next to your domain → Scroll to Records → Click Add. Select type TXT, enter the host and value fields, and save. GoDaddy propagation takes 15–60 minutes.

Namecheap DNS Setup

Go to Domain List → Click Manage → Go to Advanced DNS → Click Add New Record. Choose TXT Record, enter the host (@ or _dmarc), paste the generated value, and save. Propagation typically takes 30 minutes.

SPF Record Syntax Explained

An SPF record follows a specific syntax. Here's a breakdown of each component:

• v=spf1 — Version identifier (always spf1)
• include:_spf.google.com — Authorizes Google's mail servers to send on your behalf
• include:sendgrid.net — Adds SendGrid as an authorized sender (if using)
• ip4:203.0.113.0/24 — Authorizes a specific IP range
• ~all — Soft-fail: emails from unauthorized sources are flagged but not rejected
• -all — Hard-fail: emails from unauthorized sources are rejected outright

Pro tip: Start with ~all (soft-fail) until you've confirmed all your legitimate sending sources, then switch to -all (hard-fail) for maximum protection.

DMARC Policy Levels: none vs quarantine vs reject

Understanding DMARC policies is critical for protecting your domain while maintaining deliverability:

Google & Yahoo 2024 Bulk Sender Requirements

Starting February 2024, Google and Yahoo require all bulk senders (those sending 5,000+ emails per day) to have properly configured SPF, DKIM, and DMARC records. Failure to comply means your emails will be rejected outright — not even sent to spam, but bounced entirely. This applies to both marketing emails and cold outreach.

Even if you're sending fewer than 5,000 emails per day, having all three authentication records dramatically improves your inbox placement rate and sender score.

Common DNS Configuration Mistakes

• Multiple SPF records: Having two TXT records starting with v=spf1 causes both to fail. Always merge into a single record.
• Missing DKIM selector: The DKIM record must use the exact selector your email provider specifies (e.g., google._domainkey for Google Workspace).
• Wrong TTL values: Set TTL to 3600 (1 hour) or lower during initial setup for faster propagation. You can increase it later.
• Forgetting subdomains: If you send email from mail.yourdomain.com, you need separate SPF/DKIM records for that subdomain.
• Not monitoring DMARC reports: Set up the rua tag to receive aggregate reports. Services like Postmark or DMARCian can help you visualize these reports.