{"id":3926,"date":"2024-08-02T06:24:06","date_gmt":"2024-08-02T06:24:06","guid":{"rendered":"https:\/\/www.warmy.io\/blog\/how-to-set-up-postmark-spf-dkim-dmarc\/"},"modified":"2026-06-14T21:09:44","modified_gmt":"2026-06-14T21:09:44","slug":"how-to-set-up-postmark-spf-dkim-dmarc","status":"publish","type":"post","link":"https:\/\/www.warmy.io\/blog\/how-to-set-up-postmark-spf-dkim-dmarc\/","title":{"rendered":"Postmark&#8217;s Email Security: SPF, DKIM, and DMARC [Setup Explained]"},"content":{"rendered":"\n<p>SPF, DKIM, and DMARC are the three email authentication protocols every sender must configure to reach the inbox. SPF authorizes which servers can send on your domain&#8217;s behalf, DKIM signs each email with a cryptographic key, and DMARC enforces policy when either check fails. Together they protect your domain from spoofing, satisfy Gmail and Outlook&#8217;s mandatory bulk sender requirements, and directly improve inbox placement.<\/p>\n\n\n\n<p>Cybercriminals send an estimated <a href=\"https:\/\/aag-it.com\/the-latest-phishing-statistics\/\" target=\"_blank\" rel=\"noreferrer noopener\">3.4 billion phishing emails daily<\/a> worldwide. SPF, DKIM, and DMARC stop spoofed email from reaching your recipients&#8217; inboxes \u2014 and they now determine whether your own legitimate email reaches the inbox at all. Google required these protocols for bulk senders from February 2024 with full enforcement from November 2025, and Microsoft followed with identical requirements for Outlook, Hotmail, and Live.com <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoftdefenderforoffice365blog\/strengthening-email-ecosystem-outlook%e2%80%99s-new-requirements-for-high%e2%80%90volume-senders\/4399730\" target=\"_blank\" rel=\"noreferrer noopener\">from May 5, 2025<\/a>. Non-compliant senders now face permanent 550 rejections. This guide walks you through setting up all three with Postmark.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"490\" src=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/08\/Screenshot_11-1024x490.png\" alt=\"pastmark\" class=\"wp-image-7104\" title=\"\" srcset=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/08\/Screenshot_11-1024x490.png 1024w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/08\/Screenshot_11-300x143.png 300w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/08\/Screenshot_11-768x367.png 768w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/08\/Screenshot_11-1536x735.png 1536w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/08\/Screenshot_11.png 1675w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">SPF vs DKIM vs DMARC: How They Work Together<\/h2>\n\n\n\n<p>All three protocols serve different purposes and must be configured together. For a deeper look at why each one matters for deliverability, see <a href=\"https:\/\/www.warmy.io\/blog\/why-do-you-need-to-configure-spf-dkim-dmarc-and-how-to-set-them\" target=\"_blank\" rel=\"noopener noreferrer\">why you need to configure SPF, DKIM, and DMARC<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th><strong>Protocol<\/strong><\/th><th><strong>What It Does<\/strong><\/th><th><strong>What It Protects Against<\/strong><\/th><th><strong>Required in 2026<\/strong><\/th><\/tr><\/thead><tbody><tr><td>SPF<\/td><td>Lists authorized mail servers for your domain in DNS<\/td><td>Unauthorized servers sending as your domain<\/td><td>Yes \u2014 Gmail &amp; Outlook require both SPF and DKIM<\/td><\/tr><tr><td>DKIM<\/td><td>Adds a cryptographic signature to every outbound email<\/td><td>Content tampering in transit<\/td><td>Yes \u2014 Gmail &amp; Outlook require both SPF and DKIM<\/td><\/tr><tr><td>DMARC<\/td><td>Enforces policy when SPF or DKIM fails; aligns the visible From address<\/td><td>Domain spoofing in the From header; phishing<\/td><td>Yes \u2014 minimum p=none; p=quarantine\/reject recommended<\/td><\/tr><tr><td>BIMI<\/td><td>Displays your brand logo next to emails in supported inboxes<\/td><td>Brand impersonation; improves inbox trust<\/td><td>Optional \u2014 requires VMC or CMC for Gmail and Apple Mail<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Understanding SPF (Sender Policy Framework)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What Is SPF and Why It Matters for Email Deliverability<\/h3>\n\n\n\n<p>Sender Policy Framework (SPF) acts as an authorized sender list for your email domain. You publish an SPF record in DNS that specifies which mail servers have permission to send email on your behalf. When a receiving server gets an email from you, it checks your SPF record and compares the sending IP against your approved list. A match passes; a mismatch fails \u2014 and depending on your DMARC policy, a failure can mean spam routing or outright rejection.<\/p>\n\n\n\n<p>SPF protects your domain reputation, deters spoofing, and is a mandatory component of Gmail&#8217;s and Outlook&#8217;s bulk sender requirements.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Setting Up SPF with Postmark<\/h3>\n\n\n\n<p><strong>Step-by-step:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log into your DNS provider&#8217;s control panel.<\/li>\n\n\n\n<li>Create a new TXT record for your domain with the hostname <strong>@<\/strong> (your root domain).<\/li>\n\n\n\n<li>Set the value to: <strong>v=spf1 include:spf.mtasv.net ~all<\/strong> \u2014 this authorizes Postmark&#8217;s servers to send on behalf of your domain. If you use other email services alongside Postmark, add their include: entries to the same record before the ~all qualifier.<\/li>\n\n\n\n<li>Save the record and allow up to 48 hours for DNS propagation. For context on why propagation sometimes takes longer than expected, see this guide on <a href=\"https:\/\/www.warmy.io\/blog\/how-dns-propagation-delays-affect-email-deliverability-and-what-you-can-do-about-it\" target=\"_blank\" rel=\"noopener noreferrer\">how DNS propagation delays affect email deliverability<\/a>.<\/li>\n\n\n\n<li>Verify your record with Warmy&#8217;s <a href=\"https:\/\/www.warmy.io\/free-tools\/spf-generator\" target=\"_blank\" rel=\"noopener noreferrer\">Free SPF Record Generator<\/a> \u2014 it validates syntax and confirms you&#8217;re within the 10-lookup limit.<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"995\" height=\"651\" src=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/07\/SPF-generator.png\" alt=\"SPF generator\" class=\"wp-image-7030\" title=\"\" srcset=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/07\/SPF-generator.png 995w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/07\/SPF-generator-300x196.png 300w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/07\/SPF-generator-768x502.png 768w\" sizes=\"auto, (max-width: 995px) 100vw, 995px\" \/><\/figure>\n\n\n\n<p><strong>Common pitfalls \u2014 and how to avoid them:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Multiple SPF records.<\/strong> One SPF record per domain only. Add new senders by editing the existing record.<\/li>\n\n\n\n<li><strong>Exceeding the 10 DNS lookup limit.<\/strong> Flatten your SPF record if you&#8217;re approaching this limit.<\/li>\n\n\n\n<li><strong>Hard fail too early.<\/strong> Start with ~all (soft fail) until all legitimate senders are confirmed.<\/li>\n\n\n\n<li><strong>SPF alignment issues.<\/strong> If your Return-Path domain doesn&#8217;t match your From domain, emails can pass SPF but fail DMARC. Read the full guide on <a href=\"https:\/\/www.warmy.io\/blog\/spf-alignment-issues-causes-fixes-best-practices-for-better-email-authentication\" target=\"_blank\" rel=\"noopener noreferrer\">SPF alignment issues and how to fix them<\/a> if you run into this.<\/li>\n\n\n\n<li><strong>Missing subdomains.<\/strong> Subdomains that send email need their own SPF record.<\/li>\n\n\n\n<li><strong>Not updating after changing ESPs.<\/strong> Update your SPF record the same day you add or remove any email service.<\/li>\n<\/ul>\n\n\n\n<p><strong>Check your authentication before your next send.<\/strong> Warmy&#8217;s free <a href=\"https:\/\/www.warmy.io\/free-tools\/email-deliverability-test\" target=\"_blank\" rel=\"noopener noreferrer\">Email Deliverability Test<\/a> verifies SPF, DKIM, and DMARC in one pass and shows exactly where your emails land across Gmail, Outlook, and Yahoo.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"The Complete Tool For Email Deliverability: Meet Warmy.io!\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/jFXzuA-F-Nc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Diving into DKIM (DomainKeys Identified Mail)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What Is DKIM and How It Authenticates Your Emails<\/h3>\n\n\n\n<p>DKIM works like a digital wax seal for your emails. Every message your domain sends gets signed with a private cryptographic key. The receiving server retrieves your domain&#8217;s public key from DNS and verifies the signature. If it checks out, the email passed DKIM and arrived unaltered. If the signature fails, the content was modified in transit or the signing setup is broken.<\/p>\n\n\n\n<p>DKIM answers two questions for the receiving server: did this email originate from your domain, and was its content unchanged after it left? Both matter for DMARC compliance and inbox placement.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Implementing DKIM with Postmark<\/h3>\n\n\n\n<p><strong>Step-by-step:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In your Postmark account, open sender domain settings. Postmark automatically generates a unique DKIM key pair for your domain.<\/li>\n\n\n\n<li>Postmark provides a TXT record containing your domain-specific public key. Copy it exactly.<\/li>\n\n\n\n<li>In your DNS provider, add the TXT record at the hostname Postmark specifies. This hostname includes your unique DKIM selector followed by ._domainkey. Postmark assigns you a selector and shows it in your dashboard \u2014 always use that value rather than any example. For a detailed walkthrough of how selectors work, see <a href=\"https:\/\/www.warmy.io\/blog\/dkim-selectors-step-by-step-guide-on-how-to-find-dkim-selectors\" target=\"_blank\" rel=\"noopener noreferrer\">how to find your DKIM selector<\/a>.<\/li>\n\n\n\n<li>Wait for DNS propagation, then return to Postmark to verify the record. Once verified, Postmark signs all outbound email automatically.<\/li>\n<\/ol>\n\n\n\n<p><strong>Troubleshooting:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Record not found.<\/strong> Check that the hostname (selector + ._domainkey + .yourdomain.com) was entered correctly in DNS.<\/li>\n\n\n\n<li><strong>Signature failing after working previously.<\/strong> An email filter or forwarding rule may be modifying message content in transit.<\/li>\n\n\n\n<li><strong>DNS propagation.<\/strong> DKIM changes can take up to 48 hours to propagate globally.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Setting Up DMARC with Postmark: Policies, Reports, and Enforcement<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">What Is DMARC and How It Works<\/h3>\n\n\n\n<p>DMARC is the enforcement layer that sits on top of SPF and DKIM. It specifies what receiving servers should do when an email fails SPF or DKIM, and it aligns the visible From address with the domain authenticated by SPF or DKIM. That alignment requirement closes the spoofing gap that attackers exploit when they fake a From header while routing through an authorized server.<\/p>\n\n\n\n<p><strong>Warmy is an AI-driven email warmup and deliverability platform<\/strong> that builds your sender reputation automatically, monitors your domain&#8217;s authentication health, and keeps your emails out of spam. Use Warmy&#8217;s free <a href=\"https:\/\/www.warmy.io\/free-tools\/dmarc-generator\" target=\"_blank\" rel=\"noopener noreferrer\">DMARC Record Generator<\/a> to create your DMARC policy without needing to understand raw DNS syntax.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"727\" src=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/06\/DMARK-generator-1024x727.png\" alt=\"DMARK generator\" class=\"wp-image-6950\" title=\"\" srcset=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/06\/DMARK-generator-1024x727.png 1024w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/06\/DMARK-generator-300x213.png 300w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/06\/DMARK-generator-768x545.png 768w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/06\/DMARK-generator.png 1172w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Google and Microsoft Now Require DMARC: What Bulk Senders Must Know<\/h3>\n\n\n\n<p>Two major enforcement deadlines have passed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Gmail (February 2024, enforced from November 2025):<\/strong> <a href=\"https:\/\/support.google.com\/a\/answer\/14229414?hl=en\" target=\"_blank\" rel=\"noreferrer noopener\">Google requires<\/a> SPF, DKIM, and a DMARC record at minimum p=none for bulk senders sending 5,000+ emails per day to personal Gmail accounts. Non-compliant email now faces temporary rate-limiting (4.7.x error codes) or permanent rejection (5.7.x). The grace period is over.<\/li>\n\n\n\n<li><strong>Outlook\/Hotmail\/Live (May 5, 2025):<\/strong> Microsoft enforces identical requirements for senders sending 5,000+ emails per day to its consumer addresses. Non-compliant messages are rejected with error 550 5.7.515 and are not delivered.<\/li>\n\n\n\n<li><strong>Yahoo and AOL<\/strong> apply similar authentication requirements. Configuring all three protocols is now a baseline requirement for any meaningful sending volume.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>Pro Tip:<\/strong> Monitor in p=none for 2 to 4 weeks before moving to enforcement. Your DMARC aggregate reports will reveal every source sending email under your domain \u2014 third-party tools, marketing platforms, and subdomains you may have forgotten. Authorize everything before you switch to p=quarantine, or you risk blocking legitimate email.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring DMARC with Postmark<\/h3>\n\n\n\n<p><strong>Step-by-step:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Add a TXT record in your DNS at the hostname <strong>_dmarc.yourdomain.com<\/strong>.<\/li>\n\n\n\n<li>Start with: <strong>v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com<\/strong> \u2014 this enables reporting without affecting delivery.<\/li>\n\n\n\n<li>Monitor daily aggregate reports (RUA) for 2 to 4 weeks. Reports show which sources are sending on your domain&#8217;s behalf, pass\/fail rates, and alignment status.<\/li>\n\n\n\n<li>Once all legitimate senders pass, move to p=quarantine (sends failing email to spam), then p=reject (blocks it entirely) as your confidence grows.<\/li>\n\n\n\n<li>Optional tags: use <strong>pct<\/strong> to apply your policy to only a percentage of email during the transition, and <strong>sp<\/strong> to set a separate policy for subdomains.<\/li>\n<\/ol>\n\n\n\n<p><strong>DMARC report types:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Aggregate Reports (RUA):<\/strong> Daily XML summaries sent by major providers \u2014 pass\/fail rates, sending sources, and alignment status across all email from your domain.<\/li>\n\n\n\n<li><strong>Forensic Reports (RUF):<\/strong> Detailed per-message failure logs, useful for diagnosing specific authentication failures. Not all providers send them.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Ensuring High Email Deliverability with Warmy.io<\/h2>\n\n\n\n<p>Configuring SPF, DKIM, and DMARC gets your authentication right, but authentication alone doesn&#8217;t ensure every email reaches the inbox. That&#8217;s the gap Warmy closes: an AI-driven platform that builds your sender reputation automatically, monitors your domain health in real time, and keeps your email out of spam at scale.<\/p>\n\n\n\n<p>Two free tools apply directly to the protocols in this guide. The DMARC Record Generator and the SPF Record Generator both generate validated, ready-to-publish DNS records without requiring technical expertise. For a complete authentication check, run Warmy&#8217;s Email Deliverability Test \u2014 it verifies SPF, DKIM, and DMARC in a single scan alongside inbox placement and blacklist checks.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"825\" height=\"527\" src=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/07\/Screenshot_5.png\" alt=\"dashboard\" class=\"wp-image-7063\" title=\"\" srcset=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/07\/Screenshot_5.png 825w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/07\/Screenshot_5-300x192.png 300w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2024\/07\/Screenshot_5-768x491.png 768w\" sizes=\"auto, (max-width: 825px) 100vw, 825px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Advanced Topics in Email Authentication<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">BIMI (Brand Indicators for Message Identification)<\/h3>\n\n\n\n<p>BIMI displays your verified brand logo next to your emails in supported inboxes. When your email passes DMARC with an enforced policy (p=quarantine or p=reject), participating providers display your logo in the avatar slot beside the message.<\/p>\n\n\n\n<p>BIMI is no longer an early-stage technology. As of 2026, <a href=\"https:\/\/bimicertifications.com\/insights\/supporting-email-providers\" target=\"_blank\" rel=\"noreferrer noopener\">Gmail, Yahoo Mail, Apple Mail (iOS 16+, macOS Ventura+), Fastmail, and AOL<\/a> all support BIMI. Microsoft Outlook does not currently support it. Three implementation paths exist:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>VMC (Verified Mark Certificate):<\/strong> Works on Gmail (adds a verified blue checkmark), Yahoo Mail, and Apple Mail. Requires a registered trademark. Approximately $750 to $1,700 per year.<\/li>\n\n\n\n<li><strong>CMC (Common Mark Certificate):<\/strong> Introduced by Gmail in early 2025. Works on Gmail and Apple Mail without trademark registration, provided your logo has been publicly displayed on your domain for at least 12 months. Approximately $650 to $1,100 per year.<\/li>\n\n\n\n<li><strong>Self-asserted (no certificate):<\/strong> Free to set up. Yahoo Mail and Fastmail display your logo. Gmail and Apple Mail require a VMC or CMC.<\/li>\n<\/ul>\n\n\n\n<p>Focus on SPF, DKIM, and DMARC first. BIMI adds inbox brand visibility once your authentication foundation is solid.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Email Security for High-Volume Senders<\/h3>\n\n\n\n<p>At high volume, Gmail and Microsoft actively reject non-compliant email rather than just filtering it. For a detailed breakdown of warmup strategies at scale, see <a href=\"https:\/\/www.warmy.io\/blog\/best-warmup-solutions-high-volume-email-senders\" target=\"_blank\" rel=\"noopener noreferrer\">best warmup solutions for high-volume email senders<\/a>. Key considerations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>IP reputation management.<\/strong> Warm up new IPs before full-volume use. Warmy automates this using its Adeline AI engine, which builds personalized warmup schedules per mailbox.<\/li>\n\n\n\n<li><strong>Real-time monitoring.<\/strong> A single missing include in your SPF record can affect thousands of emails before anyone notices. Monitor your DMARC aggregate reports weekly.<\/li>\n\n\n\n<li><strong>Separate transactional from marketing.<\/strong> Dedicated IPs for transactional email protect your highest-priority sends from reputation issues in marketing campaigns.<\/li>\n\n\n\n<li><strong>List hygiene.<\/strong> High bounce rates and spam complaints damage sender reputation faster at scale. Audit your lists regularly.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"965\" height=\"641\" src=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2026\/06\/Adeline-AI.png\" alt=\"Adeline AI\" class=\"wp-image-6958\" title=\"\" srcset=\"https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2026\/06\/Adeline-AI.png 965w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2026\/06\/Adeline-AI-300x199.png 300w, https:\/\/www.warmy.io\/blog\/wp-content\/uploads\/2026\/06\/Adeline-AI-768x510.png 768w\" sizes=\"auto, (max-width: 965px) 100vw, 965px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>SPF, DKIM, and DMARC are now enforced requirements at Gmail and Outlook \u2014 not best practices. Configure SPF to authorize your Postmark sending servers, add DKIM to sign every outbound message, and deploy DMARC in monitoring mode before enforcing. Once all three are in place and your reports show consistent alignment, your domain is protected and your email consistently reaches the inbox.<\/p>\n\n\n\n<p>Warmy&#8217;s free tools make every step verifiable: the SPF Record Generator, the DMARC Record Generator, and the Email Deliverability Test are all available at no cost to confirm your setup is correct before your next campaign.<\/p>\n\n\n\n<p><strong>Ready to protect your sender reputation at scale?<\/strong> <a href=\"https:\/\/www.warmy.io\/book-a-demo\" target=\"_blank\" rel=\"noreferrer noopener\">Book a free Warmy demo<\/a> and see how Warmy&#8217;s AI monitors your authentication health, warms up your domain, and keeps your email out of spam \u2014 no technical expertise required.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"How Warmy.io Works in 2026\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/smB4UXIV_Xk?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>SPF, DKIM, and DMARC are the three email authentication protocols every sender must configure to reach the inbox. SPF authorizes which servers can send on your domain&#8217;s behalf, DKIM signs each email with a cryptographic key, and DMARC enforces policy when either check fails. Together they protect your domain from spoofing, satisfy Gmail and Outlook&#8217;s [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7102,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[104],"tags":[],"class_list":["post-3926","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-deliverability"],"acf":[],"lang":"en","translations":{"en":3926},"pll_sync_post":[],"_links":{"self":[{"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/posts\/3926","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/comments?post=3926"}],"version-history":[{"count":3,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/posts\/3926\/revisions"}],"predecessor-version":[{"id":7107,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/posts\/3926\/revisions\/7107"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/media\/7102"}],"wp:attachment":[{"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/media?parent=3926"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/categories?post=3926"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.warmy.io\/blog\/wp-json\/wp\/v2\/tags?post=3926"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}