mail_lock
DKIM / SPF / DMARC Reference & Generator
Understand and generate email authentication DNS records.
SPF Record Generator
SPF (Sender Policy Framework) defines which servers can send email on your behalf.
DMARC Record Generator
DMARC tells receivers what to do when SPF/DKIM checks fail.
DKIM Overview
DKIM (DomainKeys Identified Mail) adds a digital signature to outgoing emails.
DNS Record: selector._domainkey.yourdomain.com TXT record
Example: v=DKIM1; k=rsa; p=MIIBIjANBgkqhki...
Note: DKIM keys are generated by your email provider (Google Workspace, Microsoft 365, etc.). You then add the public key as a DNS TXT record.
Quick Reference
| Record | DNS Type | Host | Purpose |
|---|---|---|---|
| SPF | TXT | @ | Who can send email for your domain |
| DKIM | TXT | selector._domainkey | Cryptographic email signature |
| DMARC | TXT | _dmarc | Policy when SPF/DKIM fails |