You’ve heard some technical jargon about DNS in a recent meeting — SPF, DKIM, DMARC — but what do these actually mean for your email deliverability?
I’ve been there!
It’s easy to let your consultant or web developer handle it without fully understanding what’s going on under the hood.
So let’s break down what these DNS records actually do and why you should care.
What DNS records are (in plain terms)
DNS stands for Domain Name System. Think of it as the internet’s phone book — it tells the world who’s authorized to do what with your domain.
When it comes to email, three DNS records matter most: SPF, DKIM, and DMARC.
Together, they prove to inbox providers like Gmail and Yahoo that your emails are actually coming from you and haven’t been tampered with along the way.
Without them, your emails are more likely to land in spam or get blocked entirely.
SPF: the guest list
SPF (Sender Policy Framework) says, “these are the services allowed to send email on behalf of our domain.”
Any platform you use to send email needs to be listed in your SPF record. If a service isn’t on the list, inbox providers may treat those emails as suspicious.
It’s a guest list. If your name’s not on it, you’re not getting in.
DKIM: the wax seal
DKIM (DomainKeys Identified Mail) adds a digital signature to every email you send.
It lets the receiving server verify that the message wasn’t altered in transit. Think of it like a wax seal on a letter.
Most email platforms generate the DKIM key for you. Your job is to make sure it’s published in your DNS.
DMARC: the bouncer’s instructions
DMARC (Domain-based Message Authentication, Reporting, and Conformance) ties SPF and DKIM together.
It tells inbox providers what to do when an email fails authentication: let it through, quarantine it, or reject it outright.
DMARC has three policy levels: “none” (monitor only), “quarantine” (send failures to spam), and “reject” (block them entirely). If you’re still at “none,” you’re watching but not protecting.
Why this matters right now
Google and Yahoo began enforcing stricter authentication requirements for bulk senders in 2024.
If you’re sending more than 5,000 emails a day to Gmail or Yahoo addresses, SPF, DKIM, and DMARC aren’t optional anymore.
Microsoft followed with similar rules for Outlook, Hotmail, and Live.com in May 2025. Google’s full sender guidelines are worth bookmarking.
How to check where you stand
MXToolbox has free lookup tools for SPF, DKIM, and DMARC records.
Plug in your domain and see what comes back. If anything is missing or misconfigured, that’s your starting point for a fix.
If your DMARC policy is set to “none,” make a plan to move to “quarantine” and eventually “reject.”
That progression protects your domain and is also a prerequisite for displaying your logo via BIMI.
The bottom line
DNS records aren’t glamorous. But they’re the foundation everything else in your email program sits on — deliverability, sender reputation, even your BIMI logo.
You don’t need to become a DNS expert. You just need to know enough to ask the right questions and make sure the basics are covered.
Industry events
Free: Introduction to Web Accessibility for Nonprofits
Mon, Apr 20, 11:00 AM ETFree: Maximizing the Return on Information: How Data Powers Every Stage of Fundraising Success
Thu, Apr 30, 12:00 PM ETJun 4-6 - Philadelphia, PA
Check our events list for more or reply to this email to submit one for consideration.
Quick hits
Media Cause posted a comprehensive analysis with 20 essential lessons from 2025 to help supercharge your 2026 efforts — from authentic urgency to building trust.
Looking for a new P2P software solution to help level up your multichannel fundraising efforts? Raise Heck just released a helpful new guide to simplify your decision-making process.
Movement Voter Project is hiring a Digital Communications Manager to oversee their donor stewardship, with a focus on scaling digital fundraising, optimizing performance through email automations and testing, and growing their supporter base to drive action. Remote, $100-120K.
‘Til next time!
Sara