What is a DNS record, SPF, DKIM, and DMARC?


Domain Name Service, or DNS, is a directory that translates from our language to server computer language (IP addresses). DNS is also a directory of information such as domain names, email servers, and sending and receiving verifications, as well as a way to verify ownership of a domain – and further security measures. 

Through DNS rules, we can determine what IP addresses (individuals, or machines) have legitimate free or controlled access to our domain.

Essentially, websites are like people and their phone numbers. You can look up a website using the domain name such as mailshake.com, but you can also look it up using its corresponding server name IP address (its phone number). Domain names are all related to a particular IP address, but using domain names is a lot easier than remembering a bunch of numbers.


Sender Policy Framework, or SPF, helps prevent spoofing (someone using your domain illegitimately).

SPF is a major component of the email authentication process. Having a properly set up SPF record will boost your deliverability rates (dramatically). Some domains and server hosts will require incoming emails to have a properly set up SPF to receive emails. If no SPF is set up, the emailing attempts will be rejected, resulting in bounces (lower deliverability rates). 

SPF allows senders to define which IP addresses are allowed to send mail for a particular domain.


Domain Key Identified Mail, or DKIM, is a standard DNS authentication mechanism, meaning it helps prove that you are sending emails from a valid mail server and that your emails are legitimate and to not be labeled as spam. 

In this guide, we will walk through setting up a DKIM key for both Office 365 and Google. You'll notice how the mail server generates a key for us. This is the key that the recipient of our emails will use to compare and validate the authenticity of the email and decide if it's safe or not safe – helping boost deliverability rates. DKIM dramatically increases domain reputation when doing email outreach.

DKIM provides an encryption key and digital signature that verifies that an email message was not faked or altered.


Domain-based Message Authentication, Reporting, and Conformance, or DMARC, is a way of connecting SPF and DKIM to ensure that there is a safe and legitimate sender behind the email.

DMARC gives the recipient of the email more control over the emails they receive based on the sender’s domain reputation. The sending side, by applying the right DMARC rules, has more control over their reputation and can protect against spam or phishing when sending out email campaigns.

DMARC unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test. In this guide, we are sending emails that fail authorization to spam rather than just bounce. Given our SPF, DKIM, and DMARC rules we should have very few of these.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us