Skip to main content

SPF, DKIM, DMARC and BIMI explained

 Email Security Made Easy: SPF, DKIM, DMARC & BIMI

When you send email from your domain, you want it to be trusted and not go to spam. Four tools help make that happen: SPF, DKIM, DMARC, and BIMI.

Let’s explain each one in plain English, and how to set them up.

1. SPF – Who’s Allowed to Send Emails for You

What It Does:
SPF is like a guest list. It tells the internet which servers are allowed to send emails from your domain.

How to Set It Up:
Add a TXT record to your domain’s DNS that looks like this:

v=spf1 include:_spf.mysmtp.com ~all

This tells the world that mySMTP.com is allowed to send emails for you.

How to Check It Works:
Go to test.smtp.ai, send a test email, and look for “SPF Pass”.

2. DKIM – Proves the Email Is Really From You

What It Does:
DKIM puts a digital "signature" on your emails, so others know they haven’t been changed.

How to Set It Up:

  • mySMTP gives you a DKIM record.
  • You add this TXT record to your domain’s DNS.

Example:

Type: TXT

Name: mysmtp._domainkey 

Value: The 2048 generated key

How to Check It Works:
Use test.smtp.ai again and check for “DKIM Pass.”

3. DMARC – Tells Email Servers What to Do if SPF/DKIM Fail

What It Does:
DMARC is like a security rule. It tells email services what to do if someone tries to send fake email from your domain.

How to Set It Up:
Add a TXT record to your DNS like this:

v=DMARC1; p=none; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.

  • p=none means "just watch, don’t block yet."
  • rua= is where reports are sent.

How to Check It Works:
Run a test at test.smtp.ai and look for “DMARC Pass.”

4. BIMI – Show Your Logo in Inboxes

What It Does:
BIMI shows your brand logo next to your emails in some email apps (like Gmail).

How to Set It Up:

  • You must already have DMARC working.
  • Upload your logo (in SVG format).
  • Add a TXT record like this:

v=BIMI1; l=https://yourdomain.com/logo.svg;

(You may need a special certificate called a VMC.)

How to Check It Works:
Use test.smtp.ai, but note: BIMI isn’t supported everywhere yet.

Final Tips

  • Double-check your DNS settings.
  • Test with test.smtp.ai.
  • Watch for reports if anything goes wrong.
  • All this helps your emails land in inboxes — and look more professional!