Free Tool

Set up email authentication step by step

Configure SPF, DKIM, and DMARC for your domain with guided instructions and live DNS verification at every step.

1
Scan Domain
2
SPF
3
DKIM
4
DMARC
5
Report
Scan your domain
Enter your domain to check which email authentication records are already configured. We'll detect your email provider and tailor the setup instructions.
Set up SPF
SPF (Sender Policy Framework) tells receiving mail servers which IP addresses and servers are authorized to send email for your domain.
DNS changes can take up to 48 hours to propagate, though most are visible within 1 hour. Click "Verify" to check if your changes are live.
Set up DKIM
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails, allowing recipients to verify the message hasn't been tampered with.
DKIM is enabled in your email provider's admin panel, not in DNS directly. Your provider generates the DNS record for you to add.
Set up DMARC
DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together and tells receiving servers what to do with unauthenticated email.
Start with p=none to monitor. Once you're confident legitimate mail passes, move to p=quarantine then p=reject.
Authentication report
Here's a summary of your domain's email authentication status.

Your authentication is set. Now let AI handle the emails themselves. Unboxd reads every email and gives you a daily briefing with only what matters.

Gmail Outlook Try unboxd free
Dive deeper with individual tools
Domain Email Health Score SPF Record Checker DKIM Record Checker DMARC Record Generator Bulk Sender Compliance Checker

Email authentication FAQ

What is email authentication?

Email authentication is a set of DNS records (SPF, DKIM, and DMARC) that verify your domain is authorized to send email. These records prevent email spoofing, improve deliverability, and protect your domain reputation. Google and Yahoo require authentication for all senders as of 2024.

Do I need all three records?

Yes. SPF specifies which servers can send email for your domain. DKIM adds a cryptographic signature to verify message integrity. DMARC ties them together and tells receiving servers what to do with unauthenticated email. All three are required for full protection and maximum deliverability.

How long does DNS propagation take?

DNS changes typically propagate within 15 minutes to 4 hours, though it can take up to 48 hours in rare cases. Most changes are visible within 1 hour. Use the "Verify" button in each step to check if your changes have propagated.

Will this break my existing email?

No, when done correctly. This wizard guides you through safe defaults. For DMARC, we recommend starting with p=none (monitor only) so you can observe results before enforcing. SPF and DKIM add verification without affecting delivery of legitimate email.

What if I use multiple email services?

Your SPF record can include multiple providers (e.g., Google Workspace and SendGrid). Each service you send email from needs to be listed. This wizard detects your primary provider, but you may need to add additional include: entries for marketing platforms or transactional email services.

Tired of reading emails?

Let AI extract your action items

Unboxd reads every email and gives you a daily briefing with only what matters.

Gmail Outlook Start for free