Add SPF, DKIM & DMARC

SPF, DKIM and DMARC are three DNS records that prove your email is legitimate. Without them, cold email goes to spam — with them, you land in the inbox. This is a one-time ~15-minute setup per domain. Click-by-click below.

You add these at your registrar's DNS (where you bought the domain: Namecheap, Cloudflare, etc.). Each is a record you copy from Google Workspace and paste into DNS.

Step 1 — SPF (says "these servers may send for me")

1. In your registrar's DNS, add a TXT record for the domain root (@).
2. Value for Google Workspace: v=spf1 include:_spf.google.com ~all
3. Save. Only one SPF record per domain — don't add a second.

Step 2 — DKIM (cryptographically signs your mail)

1. In Google Admin → Apps → Google Workspace → Gmail → Authenticate email.
2. Select your domain → Generate new record (2048-bit).
3. Google gives you a host/name (e.g. google._domainkey) and a long TXT value.
4. Add that as a TXT record in your DNS, then back in Google click Start authentication.

Step 3 — DMARC (tells inboxes what to do & gives you reports)

1. Add a TXT record with host _dmarc.
2. Start gentle: v=DMARC1; p=none; rua=mailto:you@yourdomain.com
3. p=none monitors without blocking — fine for cold-email domains. Tighten later if needed.

Step 4 — Verify it all

1. DNS changes can take minutes to a few hours to propagate.
2. Check with a free tool: mxtoolbox.com (SPF/DKIM/DMARC lookups) or send a test to a Gmail and view "Show original" — SPF, DKIM and DMARC should all say PASS.
3. Repeat for every sending domain.

Gotcha: the #1 deliverability mistake is skipping DKIM or having two SPF records. If mail still lands in spam after warmup, re-check these three first.

Next: warm up & connect a sequencer.