DKIM, SPF, MX, DMARC – understanding the key terms for successful email delivery

29 February 2024 · 7 min read
  1. Sender domain: Your sender domain (e.g., ‘‘) is the key to the DKIM signature, which guarantees the authenticity of your sender address.
  2. DKIM (DomainKeys Identified Mail): DKIM checks the authenticity of your e-mail sender address by means of a forgery-proof signature in the e-mail header.
  3. SPF (Sender Policy Framework): SPF ensures that your sender IP is authorized to send the email and prevents it from being sent via unauthorized servers.
  4. MX (Mail Exchange): The MX record specifies the domain name of the mail server and determines the priority of use.
  5. DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC provides clear instructions on how to deal with a newsletter that cannot be confirmed as authentic.

Why is DKIM so important?

The importance of DKIM lies in the following decisive advantages:

1. Authenticity and reputation: Newsletters signed with DKIM are recognized by the mailbox provider as unaltered, which strengthens your standing as a reputable sender. This contributes to your emails being classified as trustworthy.

2. Avoiding spam classification: The DKIM signature prevents your messages from being mistakenly classified as phishing or mail spoofing. This keeps your open rates stable, because your emails do not end up in the spam folder.

3. Meeting spam check criteria: Prominent email services such as Gmail or GMX require a matching DKIM signature. The individual DKIM signature for your sender address is crucial for meeting these requirements.

Supporting the delivery of newsletters

One important thing that concerns us is your domain’s DMARC policy. This gives the incoming mail server clear instructions on how to handle a newsletter that cannot be confirmed as authentic. In addition to the necessary SPF and DKIM entries, it is therefore important that a correct DMARC policy is also set for your domain. If this is missing, your newsletters could have serious problems with delivery in the future, as they could be automatically rejected.

You have various options:

  • none: If a newsletter is classified as suspicious, nothing happens at first.
  • quarantine: Suspicious newsletters end up in the recipient’s spam folder.
  • reject: Suspicious newsletters are rejected immediately and the recipient does not receive them.

It’s smart to utilize the full potential of DMARC protection by setting up more complex DMARC policies in the future. Here are some settings that can help:

  • adkim/aspf (DKIM alignment/SPF alignment): This defines how strictly the DKIM/SPF entries are checked against your sender domain.
  • sp (subdomain policy): Here you define which policy applies to subdomains.
  • fo (failure reporting): This enables reports on failed DKIM and/or SPF checks.
  • ruf/rua/rf/ri: This allows you to define the format, interval and recipient for reports.
  • pct (percentage): This determines the percentage of total incoming newsletters that are to undergo the DMARC check.

It’s important to know that DMARC is there to protect your recipients. To ensure that no legitimate newsletters are accidentally rejected, I recommend starting with “none” or “quarantine” and then observing the opening behavior over a longer period of time before switching to “reject”.
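The policy values and tags listed above can be checked mechanically before a record is published. The following is an added example, not code from the original article: it parses constructed DMARC records for the placeholder domain example.com and flags gaps along a none, quarantine, reject rollout. The function names and finding texts are illustrative assumptions.

```python
# Added example: parse a DMARC TXT record and flag rollout gaps.
# Records are constructed; example.com is a placeholder domain.
REPORTS = "rua=mailto:dmarc-reports@example.com"
STAGES = {
    "monitor": f"v=DMARC1; p=none; {REPORTS}",
    "ramp": f"v=DMARC1; p=quarantine; pct=25; {REPORTS}; adkim=r; aspf=r",
    "enforce": f"v=DMARC1; p=reject; sp=reject; {REPORTS}; fo=1",
}


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record):
    """Return findings for one record; an empty list means nothing to flag."""
    tags = parse_dmarc(record)
    if not record.strip().startswith("v=") or tags.get("v") != "DMARC1":
        return ["not a DMARC record: it must start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"p={policy or '<missing>'} is not none/quarantine/reject")
    elif policy == "none":
        findings.append("p=none only monitors; suspicious mail is still delivered")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports to observe before tightening")
    pct = tags.get("pct", "100")
    if not pct.isdecimal() or int(pct) > 100:
        findings.append(f"pct={pct} is not an integer from 0 to 100")
    elif int(pct) < 100:
        findings.append(f"pct={pct}: the policy covers only part of the mail")
    # Without an sp tag, subdomains inherit the main policy.
    if policy in ("quarantine", "reject") and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none leaves subdomains without enforcement")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r").lower() not in ("r", "s"):
            findings.append(f"{tag} must be r (relaxed) or s (strict)")
    return findings
```

Running `audit_dmarc` over each entry in `STAGES` shows one finding for the monitoring and ramp-up records and none for the enforcing one.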

The correct configuration of these settings helps enormously to improve the delivery of your newsletters and ensure that they reach the recipients successfully.

Risks of DMARC policies

With “none” and “quarantine”, the final check of suspicious newsletters is left to the recipients; with “reject”, you as the sender prevent this from the start. In theory, the “reject” variant protects your recipients from fake newsletters sent in your name.

In practice, however, there are some cases that can lead to legitimate newsletters failing the DMARC check, especially in the case of automatically forwarded emails.
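Why forwarding can break a legitimate newsletter becomes clear once the receiver's decision is written out. The following is an added example, not code from the original article: it combines SPF, DKIM and the adkim/aspf alignment modes into a DMARC result for constructed messages. The message fields are assumptions, and `org_domain` is a simplification (real receivers use the Public Suffix List).

```python
# Added example: how a receiver combines SPF, DKIM and alignment into a
# DMARC result. All domains and check results below are constructed.

def org_domain(domain):
    """Simplification: last two labels. Real receivers use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Mode 's' needs an exact match, 'r' only the same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def dmarc_result(msg, policy):
    """Return 'pass', or the disposition the policy's p tag asks for."""
    spf_ok = msg["spf"] == "pass" and aligned(
        msg["envelope_from"], msg["header_from"], policy.get("aspf", "r"))
    dkim_ok = any(
        result == "pass" and aligned(d, msg["header_from"], policy.get("adkim", "r"))
        for d, result in msg["dkim"])
    # One aligned pass (SPF or DKIM) is enough for DMARC to pass.
    return "pass" if spf_ok or dkim_ok else policy["p"]


RELAXED = {"p": "reject", "adkim": "r", "aspf": "r"}
STRICT = {"p": "quarantine", "adkim": "s", "aspf": "s"}

# Sent directly from an authorized server, signed with d=example.com.
DIRECT = {"header_from": "news.example.com", "envelope_from": "bounce.example.com",
          "spf": "pass", "dkim": [("example.com", "pass")]}
# Auto-forwarded: the forwarder's IP is not in SPF, the signature survives.
FORWARDED = {**DIRECT, "spf": "fail"}
# Forwarded by a list that rewrites the body: the signature breaks as well.
LIST_MODIFIED = {**FORWARDED, "dkim": [("example.com", "fail")]}
# Sent via a provider's default domain: both checks pass, neither is aligned.
PROVIDER_DEFAULT = {"header_from": "example.com",
                    "envelope_from": "bounce.esp.example.net",
                    "spf": "pass", "dkim": [("esp.example.net", "pass")]}
```

With `RELAXED`, the forwarded message still passes through its DKIM signature, while the list-modified one and the one signed only with the provider's default domain receive the `reject` disposition.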

Conclusion and recommendation for action

To ensure the best possible delivery rate for your emails, it is crucial that all sender domains have a valid DKIM entry. As a member of the Certified Senders Alliance (CSA), you are obliged to only send DKIM-signed newsletters.

Overall, careful configuration of DKIM, SPF, MX and DMARC is crucial to ensure that your emails are not only received, but also perceived as trustworthy. Test different DMARC policies, monitor the results and continuously optimize to get the most out of your email marketing.

Why is SPF important?

SPF ensures that only legitimate mail servers are allowed to send your emails. This prevents sending via unauthorized servers and contributes to the security of your communication.

What is the MX record for?

The MX record indicates which mail server is responsible for your sender domain and what priority it has. This helps your emails to be sent smoothly.

How do I check whether DKIM and SPF are set up correctly?

There are online tools that can check the validity of DKIM and SPF. You can use such tools by entering your sender domain. Also regularly check the logs of your email service provider to identify any problems.
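Part of what such tools check can be reproduced offline on the TXT records themselves. The following is an added example, not code from the original article: it flags common mistakes in SPF and DKIM key records. All records are constructed, the DKIM key is a placeholder string, and the function names are illustrative assumptions.

```python
# Added example: offline checks on SPF and DKIM TXT records.
# All records are constructed; the DKIM key is a placeholder, not a real key.
LOOKUP_TERMS = ("include", "a", "mx", "exists", "ptr")  # each costs a DNS lookup


def check_spf(txt_records):
    """Flag common SPF mistakes among the TXT records of a sender domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    findings = []
    if "all" in terms or "+all" in terms:
        findings.append("+all authorizes every server to send for the domain")
    elif not any(t in ("-all", "~all", "?all") or t.startswith("redirect=")
                 for t in terms):
        findings.append("no closing all mechanism or redirect")
    lookups = sum(
        t.lstrip("+-~?").split(":")[0].split("/")[0] in LOOKUP_TERMS
        or t.startswith("redirect=") for t in terms)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the SPF limit of 10")
    return findings


def check_dkim(record):
    """Flag problems in a DKIM key record (<selector>._domainkey.<domain>)."""
    tags = {k.strip(): v.strip() for k, v in
            (p.split("=", 1) for p in record.split(";") if "=" in p)}
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v must be DKIM1 when present")
    if "p" not in tags:
        findings.append("no p tag: the record carries no public key")
    elif tags["p"] == "":
        findings.append("empty p: this key has been revoked")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y: the domain is in DKIM testing mode")
    return findings


GOOD_SPF = ["v=spf1 include:_spf.example.net ip4:192.0.2.10 -all",
            "site-verification=constructed-value"]
DUPLICATE_SPF = ["v=spf1 mx -all", "v=spf1 include:_spf.example.net ~all"]
GOOD_DKIM = "v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"
```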

Should I implement SPF and DKIM if I am already using DMARC?

Yes, definitely. I highly recommend using both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), even if you already have DMARC set up. These authentication methods are designed to work together and form a strong framework for the security and authenticity of your emails.

Why is it important to use SPF and DKIM in addition to DMARC?

SPF and DKIM complement DMARC by providing additional layers of security for email authentication. If you use all three methods at the same time, you significantly strengthen the defense against phishing and spoofing and increase trust in your emails.

Can DMARC alone be enough to guarantee e-mail security?

Although DMARC plays an important role in securing your email, combining it with SPF and DKIM is highly recommended to ensure comprehensive and effective email authentication. Each method contributes specific security aspects, and together they form a robust line of defense.

Does the parallel use of SPF and DKIM with DMARC affect email deliverability?

No, on the contrary. Using SPF and DKIM at the same time as DMARC improves deliverability by providing clear and consistent information about the authenticity of your emails to the inbox servers. This helps to bypass spam filters and optimize delivery rates.

Are there additional advantages to using all three authentication methods?

Yes, using SPF, DKIM and DMARC not only provides a higher level of security against phishing, spoofing and spam, but also strengthens your email reputation. This is crucial for reliable delivery and the trust of your recipients.

By integrating SPF and DKIM with DMARC, you create a comprehensive security network for your email communication.


Author Katarina

Katarina has been enriching the Matoma team with her extensive expertise for over fifteen years. In 2023 she was appointed authorized representative and focuses on medium-sized companies as a leading expert in the field of digitalization. Her particular focus is on generating and qualifying leads. Katarina is a driving force behind innovative digital solutions that drive the company forward.