Delivery flaky at Gmail and Outlook, SPF/DKIM/DMARC are separate, want them as a coherent bundle
Since Google and Yahoo tightened delivery rules (February 2024), having all three is required for senders above 5000 mails/day and recommended for everyone. SPF protects envelope-from, DKIM signs the message, DMARC tells receivers what to do on failure.
Try this first
- 1. Start with SPF: one TXT at apex, 'v=spf1 include:<provider> include:<other-sender> ~all'. Do not stack, stay under 10 DNS lookups.
- 2. DKIM: let every sender (M365/Google/Mailgun/Postmark/SendGrid) create its own selector, place the CNAME or TXT as specified, and only enable in the portal after DNS resolves.
- 3. DMARC: TXT at _dmarc.yourdomain, start with 'v=DMARC1; p=none; rua=mailto:dmarc@yourdomain; pct=100'. Read reports for 2 weeks before tightening.
- 4. Move to p=quarantine with pct=10, then 50, then 100, until no legitimate mail lands in quarantine.
- 5. End state p=reject once all sources are aligned. Then nobody sends on your behalf and spoofing is actively rejected.
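To check the records from the steps above before tightening the policy, here is an added example (not part of the original page) that audits SPF and DMARC TXT records offline. It assumes a constructed ZONE dictionary in place of live DNS answers; example.com, the include targets and the function names are placeholders chosen for illustration.

```python
import re

# Constructed sample data standing in for live DNS TXT answers (not real records).
ZONE = {
    "example.com": [
        "v=spf1 include:_spf.mailer-a.example include:_spf.mailer-b.example ~all",
        "site-verification=constructed-value",
    ],
    "_spf.mailer-a.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf2.mailer-a.example ~all"],
    "_spf2.mailer-a.example": ["v=spf1 ip4:198.51.100.0/24 ~all"],
    "_spf.mailer-b.example": ["v=spf1 a mx ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com; pct=100"],
}

def spf_lookups(name, zone, path=()):
    """Count SPF terms that trigger DNS queries, following include/redirect.
    RFC 7208 allows at most 10; more yields permerror at the receiver."""
    if name in path:
        raise ValueError(f"SPF include loop at {name}")
    recs = [t for t in zone.get(name, []) if t.lower().split(" ")[0] == "v=spf1"]
    if len(recs) != 1:  # zero or multiple SPF records both break evaluation
        raise ValueError(f"{name}: expected exactly 1 SPF record, found {len(recs)}")
    count = 0
    for term in recs[0].split()[1:]:
        parts = re.split(r"[:=/]", term.lstrip("+-~?").lower(), maxsplit=1)
        if parts[0] in ("include", "redirect"):
            count += 1 + spf_lookups(parts[1], zone, path + (name,))
        elif parts[0] in ("a", "mx", "ptr", "exists"):
            count += 1
    return count

def parse_dmarc(domain, zone):
    """Return the DMARC tags published at _dmarc.<domain> as a dict."""
    recs = [t for t in zone.get("_dmarc." + domain, []) if t.lower().startswith("v=dmarc1")]
    if len(recs) != 1:
        raise ValueError(f"{domain}: expected exactly 1 DMARC record, found {len(recs)}")
    pairs = (p.split("=", 1) for p in recs[0].split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def next_step(tags):
    """Map the current policy to the next stage of the phased rollout."""
    policy, pct = tags.get("p", "").lower(), int(tags.get("pct", "100"))
    if policy == "none":
        return "p=quarantine; pct=10"
    if policy == "quarantine":
        return "p=reject" if pct >= 100 else f"p=quarantine; pct={50 if pct < 50 else 100}"
    return "done" if policy == "reject" else "invalid policy"

if __name__ == "__main__":
    print("SPF lookups:", spf_lookups("example.com", ZONE), "of 10 allowed")
    print("Next DMARC step:", next_step(parse_dmarc("example.com", ZONE)))
```

To run it against a real domain, fill ZONE from the TXT answers for the apex, every include target and _dmarc.yourdomain.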
When to bring us in
If you have many senders and no overview which system is aligned, we plan a DMARC rollout with reporting so you can move to reject in phases.
See also
- Domain expires tomorrow and nobody saw the email: An expired domain doesn't transfer instantly. There's a redemption window, but you pay extra.
- Unsure whether to enable auto-renew: Disabling auto-renew only makes sense for domains you'll truly drop. For anything live, just keep it on.
- New registrar asks for auth code, can't find it: EPP code or transfer code is the password to move a domain from registrar A to B.