Email authentication is non-negotiable for cold email in 2026. Gmail and Microsoft now require SPF, DKIM, and DMARC for bulk senders. Without them, your emails go straight to spam.
SPF Setup
What It Does
SPF (Sender Policy Framework) tells receiving servers which IP addresses can send email from your domain.
How to Set It Up
- Log into your DNS provider
- Add a TXT record:
- Name: @ (or your domain)
- Value:
v=spf1 include:_spf.google.com ~all
- If using multiple providers, combine them:
v=spf1 include:_spf.google.com include:sendgrid.net ~all
DKIM Setup
What It Does
DKIM adds a cryptographic signature to your emails, proving they haven't been altered in transit.
How to Set It Up
- Generate DKIM keys in your email provider (Gmail Admin > Apps > Google Workspace > Settings for Gmail)
- Copy the TXT record value
- Add a TXT record in your DNS:
- Name:
google._domainkey(or as specified) - Value: the generated key
- Name:
DMARC Setup
What It Does
DMARC tells receiving servers what to do with emails that fail SPF or DKIM checks.
How to Set It Up
- Start with monitoring mode:
- Add a TXT record:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
- Add a TXT record:
- After 2-4 weeks, review reports
- Gradually tighten:
p=quarantinethenp=reject
Verification
Use tools like MXToolbox to verify all three records are correctly configured before sending your first cold email campaign.
