Set up DKIM and DMARC

This article explains how to properly configure DKIM, SPF, and DMARC for your domain so as to improve your deliverability.

In this section

Why set up DKIM and DMARC?
Access DKIM / DMARC configuration

Why set up DKIM and DMARC?

The purpose of configuring DKIM is to prove the identity of email senders. It is an authentication protocol that allows email recipients to discern whether an email has been sent legitimately or not, favoring deliverability if they are properly configured. It is configured in your hosting provider with the values indicated in your Gumbamail account.

The reasons for using this protocol are more than enough:

  1. You will improve the open rate of your campaigns, as the email won't go to the spam folder automatically.
  2. You will protect your recipients from possible virtual scammers who want to use your domain name to carry out phishing.

Major mail servers such as Gmail, Outlook, or Yahoo pay special attention to whether the sender's identity has been previously verified when deciding whether to send a message to the inbox or spam folder. If these anti-spam filters are not configured, your shipping could end up in the spam folder.

What is DKIM

DKIM is an email authentication protocol that links a sender server with each sent email. Once configured, the message is cryptographically signed with the domain name so that the sender's identity is verified. This way, it is guaranteed that the message has not been tampered with during its transmission. Gumbamail takes care of the internal details of the process automatically.

What is SPF

SPF is another authentication protocol that allows a domain to designate servers that can legitimately send emails on its behalf. It consists of a DNS record that lists the servers to which that domain allows to send emails on behalf of the domain.

The best thing about this protocol is that you don't have to configure anything. In Gumbamail it is already configured by default.

What is DMARC

DMARC is a protocol that unifies the previous two. Before DMARC, email providers could decide for themselves what to do with emails that did not comply with the previous protocols (DKIM and SPF). Now with DMARC, you can explicitly specify a directive on what to do with them (send to the spam folder, reject them, etc.). This one, like DKIM, is configured in your hosting provider.

Since February 2024, the main mail servers such as Gmail, Outlook, and Yahoo consider it essential to have DMARC configured. If we do not configure it, we will likely end up in the spam folder.

Access DKIM / DMARC configuration

First of all, click on the domain row to access the domain settings. Remember that, prior to the DKIM/DMARC setup, your domain ownership should have been verified.

Go to the ANTISPAM tab, where all the information required is displayed and the actions required are explained. You will see a colored status label, indicating if the configuration of each protocol has been already verified or not.

Setu up DKIM

You will have to access the DNS records of your hosting provider, that is, the configuration of the provider where you have purchased your domain.

Then, you will need to add a CNAME record to your DNS configuration. The final value must be the one indicated by the extension.


  • For DKIM: When adding the new record, be aware that some providers add the domain name automatically, so check if you have to add the part that includes your domain or not.

Set up DMARC

You will have to access the DNS records of your hosting provider, that is, the configuration of the provider where you have purchased your domain.

Then, you will need to add a TXT record to your DNS configuration. Gumbamail will provide a basic value, but you can set up the behavior directive that you wish.

Regarding DMARC, this would be an example of value:


What does the above record mean?

  • v” is the DMARC version and is required.
  • p” indicates what the servers should do if they fail authentication. If it says “reject” it means that it rejects the message, in other words, it bounces it.
  • pct” indicates the percentage of unauthenticated messages that are subject to the DMARC policy. (100 = 100%).
  • rua” is the address to which DMARC activity reports will be sent.

If you want to understand all the parameters that you can set when configuring the DMARC protocol, take a look at this article.


  • For DMARC: If you already have registered a record of this type, you should not add a new record.


Click on their corresponding VERIFY button, so that we can check if the records exist and are correct. In case the verification fails, in the status field, you can obtain more information about what is wrong. In addition, you can check the list of records found during the verification. Remember that changes can take even more than 48 hours to spread.