NEW! Professional Bookkeeping Service →

Analytics + Finance

learn more

HR & Training

HR + Team Support

learn more


Marketing Suite

learn more



DMARC, SPF, and DKIM: Email Safety & What You Need To Know

Did you know that 90% of all emails are unwanted, unsolicited spam advertising? Not surprisingly, inbox services are inclined to help their users filter out the junk so that only genuine messages get through to the inbox. As a trusted source of information for your clients, you know that your messages are truly valuable to pet parents. The problem is that spam filters may not, and they could be canning your messages because you haven’t completed your domain management setup. Spoiler alert: 97% of vet hospitals haven’t set this up.

DMARC, SPF, and DKIM are the main components of email security that ensure your emails are being read by the correct person and protect your domain from malicious activities. Although Domain Name Management is a complicated topic to understand, you can arm yourself with the basics to stay protected online. Terms like sender policy framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) may sound intimidating, but essentially these email security tools act like a referral letter you publish on your site, showing that you are a legitimate organization. They prove that an email message is genuine, comes from who it claims to be, and helps protect your practice from malicious activities such as email spoofing and Phishing.

Email Spoofing is when your email list can receive emails from your domain that did not actually come from you. In most cases, these spoofed emails contain malware and other dangerous attachments. Another online danger is Phishing, where attackers send malicious emails that appear to be from your practice and are designed to trick people into falling for a scam. The intent is often to get users to reveal financial information, system credentials, or other sensitive data.

How To Make Your Email 100% Secure Using DMARC, SPF, and DKIM

By now, you understand how important these features are in keeping your domain safe, but it is up to you to ensure that your email addresses resolve correctly using SPF, DKIM, and DMARC records. If you set up the system yourself, there is a chance that you may have missed this critical stage. The good news is that the process is pretty straightforward. The even better news is that as a client of iVET360, you are already covered! We are using all three of these essential tools in combination, ensuring that you are protected and emails you are sending always land in the correct inbox. – so you don’t even need to read through to the end of the article!

If you are not a client of ours, you can absolutely set up your own system, but we do not recommend it. We have spelled out instructions for setting up SPF, DKIM, and DMARC for MX records hosted with Google below, but you should only follow them if you’re confident and experienced. These instructions are to be used at your own risk. Want help with other email providers? Check out these links:

How to create an SPF TXT record

How to Add DMARC at your DNS Provider

How to Add DKIM and Add to Your DNS

Setting up an SPF record (Sender Policy Framework)

Sender Policy Framework is a system used to check email is coming from the address claimed in the message headers (the information used by computers to ensure your email gets to its intended recipient).

  • Log into your admin console for your domain
  • Locate the advanced DNS record settings.
  • Create a new TXT record and assign it the value: v=spf1 ~all
  • Click Save.

Setting up a DKIM record (DomainKeys Identified Mail)

Because your emails deserve to be read by your clients, we need to prevent being incorrectly identified as spam. This is where DKIM comes into play.

This is a three-stage process – first, you need to generate a DKIM domain key:

  • Sign in to your Google Workspace Admin console, then select Apps -> Google Workspace -> Gmail -> Authenticate email
  • Select your domain from the drop-down list and click the Generate new record button.
  • Copy the generated text.

Now you need to create an associated record to tie that key to your email domain:

  • Log into your domain provider’s admin console.
  • Locate the advanced DNS settings page.
  • Create a new TXT record with the name google._domainkey and then assign it the values generated in the first step. It should look something like: v=DKIM1; k=rsa; p=ALb9a35QAA35in7qDAB (although the ‘p’ section of yours will be much longer).
  • Click Save to apply the changes.

Now that the DNS records have been updated, the final step is to tell Google Apps to use DKIM to protect your email:

  • Log into the Google Workspace Admin console again.
  • Select Apps -> Google Workspace -> Gmail -> Authenticate email
  • Choose the correct domain from the drop-down.
  • Click Start authentication.

Note that it may take be as much as 48 hours before the setting takes effect globally.

Setting up a DMARC record (Domain Message Authentication Reporting & Conformance)

The final step to proving you are in fact, YOU is the creation of a DMARC – Domain-based Message Authentication, Reporting, and Conformance – record. Because DMARC is built on both SPF and DKIM technologies, you will need to ensure you have completed both stages above before continuing:

Did that actually work?

The last step is checking that SPF, DKIM, and DMARC have all been configured correctly for your domain. Visit the Google Workspace MX tool and type your domain name into the supplied box. When you click ‘Run checks’, you will see a report that confirms you have an SPF record and that both DKIM and DMARC are properly set up. It’s important you thoroughly check that everything is working, because missing a step can cause unwanted problems with mail delivery, and could even prevent legitimate emails from going through.

Congrats! You did it! You should now see your open rate on emails skyrocket, as more of your email makes it into your clients’ mailboxes.

And don’t forget… If this all seems far too complicated, we can take care of all of this for you. Have questions or want some help? Don’t hesitate to reach out to us and we’ll be glad to back you up. Let’s chat about how you can help your business get the most out of your domain management and keep you and your clients safe from attack.