Setting Up Instantly's SPF, DKIM, and DMARC for Enhanced Deliverability
TABLE OF CONTENTS
Any company trying to increase email deliverability and defend their domain from phishing attempts must first set up SPF, DKIM, and DMARC records. This post will show how Instantly may leverage these strong email authentication systems to guarantee that its emails not only get to the inbox but also preserve the integrity and dependability of its communications. Knowing these systems will enable you to increase email engagement rates and protect your email reputation in a digital environment getting more crowded.
Understanding SPF, DKIM, and DMARC
Sender Policy Framework (SPF)
SPF is like a guest list for your emails. It’s a record that lists all the servers authorized to send emails on behalf of your domain.
How SPF Works
- You publish an SPF record in your domain’s DNS.
- When an email is sent, receiving servers check this record.
- If the sending server is on the “guest list,” the email passes SPF authentication.
- If not, it might be marked as suspicious or rejected.
DomainKeys Identified Mail (DKIM)
DKIM is a digital signature for your emails. It proves that the content hasn’t been tampered with during transit.
How SPF Works
- A private key is used to generate a unique signature for each email.
- This signature is added to the email headers.
- The public key is published in your domain’s DNS records.
- Receiving servers use this public key to verify the signature.
- If the signature is valid, the email passes DKIM authentication.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
DMARC is the supervisor of SPF and DKIM. It tells receiving servers what to do with emails that fail authentication and provides feedback to the sender.
How DMARC Builds on SPF and DKIM
- DMARC requires that an email pass either SPF or DKIM (or both) checks.
- It allows domain owners to specify a policy for handling failed emails:
- Do nothing
- Quarantine (send to spam folder)
- Reject the email entirely
- DMARC generates reports, giving you visibility into who’s using your domain to send emails.
- It helps prevent email spoofing by ensuring alignment between the “From” address and the authenticated domain.
Setting Up Instantly SPF: A Step-by-Step Guide
Setting up SPF with Instantly is a straightforward process that will help improve your email deliverability. Follow these steps to get your SPF record up and running.
1. Accessing Instantly's SPF Setup Page
- Log in to your Instantly account.
- Navigate to the ‘Email Authentication’ or ‘SPF Setup’ section. This is typically found in the account settings or email configuration area.
- Look for an option labeled ‘Set up SPF’ or ‘Manage SPF Records’.
2. Creating an SPF Record
- On the SPF setup page, Instantly will likely provide a recommended SPF record for your domain.
- This record usually looks something like:
v=spf1 include:spf.instantly.ai ~all
- The
include:spf.instantly.ai
part allows Instantly’s servers to send emails on your behalf. - If you’re already using SPF, you may need to merge this with your existing record. Instantly should provide guidance on this.
3. Adding the SPF Record to Your DNS
- Copy the SPF record provided by Instantly.
- Log in to your domain registrar or DNS provider’s website.
- Find the DNS management section.
- Look for an option to add a new TXT record.
- In the ‘Host’ or ‘Name’ field, enter
@
or leave it blank (this applies the record to your root domain). - In the ‘Value’ or ‘TXT Value’ field, paste the SPF record you copied from Instantly.
- Save the new DNS record.
4. Verifying the SPF Setup
- Return to the Instantly SPF setup page.
- Look for a ‘Verify’ or ‘Check SPF’ button.
- Click this button to have Instantly check if your SPF record is correctly set up.
- If verification fails, double-check that you’ve added the record correctly in your DNS settings.
- Remember that DNS changes can take up to 48 hours to propagate, so you may need to wait and try verifying again later.
Once your SPF record is verified, Instantly will be authorized to send emails on behalf of your domain, improving your email deliverability and reducing the chances of your emails being marked as spam.
If you need to create a custom SPF record or want to ensure your record is correctly formatted, you can use the free SPF Generator tool provided by Warmy.io
Configuring Instantly DKIM
Navigating to Instantly's DKIM Configuration
- Log in to your Instantly account.
- Look for a “Settings” or “Account” tab in the main navigation menu.
- Find and click on “Email Authentication” or “DKIM Setup” in the submenu.
You should see a page with options for different email authentication methods, including DKIM.
2. Generating DKIM Keys
- On the DKIM setup page, look for a button that says “Generate DKIM Keys” or “Create DKIM Record.”
- Click this button. You should see a loading indicator as Instantly generates your keys.
- Once generated, you’ll see two pieces of information:
- A long string of characters (your public key)
- A selector (usually a short string like “instantly” or a random set of characters)
3. Adding the DKIM Record to Your DNS
- You’ll see instructions for adding the DKIM record to your DNS. It will look something like this:
- Host/Name: [selector]._domainkey.yourdomain.com
- Type: TXT
- Value: v=DKIM1; k=rsa; p=[long string of characters]
- Copy this information.
- Open a new tab and log into your domain registrar or DNS provider.
- Navigate to your DNS management area.
- Create a new TXT record using the information provided by Instantly.
4. Activating DKIM in Instantly
- Back in Instantly, look for an “Activate DKIM” or “Enable DKIM” button.
- Click this button. You might see a warning that DNS propagation can take up to 48 hours.
- Confirm that you want to activate DKIM.
5. Testing DKIM Configuration
- On the DKIM setup page, find a “Verify DKIM” or “Test Configuration” button.
- Click this button. Instantly will run a check on your DKIM setup.
- You’ll see one of two results:
- A green success message if DKIM is correctly configured
- A red error message with troubleshooting steps if there’s an issue
If the test fails, you may need to wait longer for DNS propagation or double-check your DNS settings.
Implementing Instantly DMARC
1. Accessing Instantly's DMARC Setup
- Log in to your Instantly account.
- Navigate to the “Email Authentication” or “Security Settings” section.
- Look for a “DMARC Setup” or “Configure DMARC” option.
You’ll see a page explaining DMARC and its benefits, with an option to start the setup process.
2. Creating a DMARC Policy
- Click on “Create DMARC Policy” or a similar button.
- You’ll see options for configuring your DMARC policy:
- Policy action (None, Quarantine, or Reject)
- Percentage of emails to apply the policy to
- Reporting options
- Choose your settings. For beginners, Instantly might recommend starting with:
- Policy: None (p=none)
- Percentage: 100% (pct=100)
- Reporting: Send reports to a provided email address
- After selecting your options, you’ll see a preview of your DMARC record.
3. Publishing the DMARC Record in DNS
- Instantly will provide you with the DMARC record to add to your DNS. It will look similar to: v=DMARC1; p=none; rua=mailto:dmarc_reports@yourdomain.com; pct=100
- Copy this record.
- Log into your domain registrar or DNS provider’s website.
- Go to your DNS management area.
- Create a new TXT record:
- Host/Name: _dmarc
- Type: TXT
- Value: [Paste the DMARC record here]
- Save the new DNS record.
4. Monitoring DMARC Reports
- Back in Instantly, look for a “DMARC Reporting” or “View Reports” section.
- You’ll see options to view and analyze DMARC reports.
- Reports typically include:
- Sources of emails using your domain
- Pass/fail rates for SPF and DKIM
- IP addresses sending emails
Initially, this section might be empty as it takes time to receive and process reports.
5. Adjusting DMARC Policy Based on Results
- After receiving reports for a while (usually a few weeks), return to the DMARC setup page.
- Look for an “Adjust Policy” or “Update DMARC” option.
- Based on the report data, you might consider:
- Increasing the policy strictness (e.g., from ‘none’ to ‘quarantine’)
- Adjusting the percentage of emails the policy applies to
- Adding additional reporting emails
- Make your changes and save the new policy.
- Instantly will provide you with an updated DMARC record.
- Update this record in your DNS settings as you did in step 3.
Before you start creating your DMARC policy in Instantly, you might find it helpful to use the free DMARC Generator tool provided by Warmy.io
You can use this generated record as a reference when setting up your DMARC policy in Instantly. It can be particularly helpful in understanding the different components of a DMARC record and ensuring you have all the necessary elements.
Advanced Considerations for SPF, DKIM, and DMARC with Instantly
SPF Advanced Tips
- SPF Record Length: SPF records have a 255-character limit. If your record exceeds this, consider using the ‘include’ mechanism to reference a secondary record.
- SPF Flattening: If you’re close to the 10 DNS lookup limit for SPF, use SPF flattening to combine all IP addresses into a single record.
- SPF Softfail vs Hardfail: Consider using ~all (softfail) instead of -all (hardfail) initially to prevent legitimate emails from being blocked while you’re fine-tuning your SPF record.
- Regular Expression Usage: For complex setups, you can use regular expressions in your SPF record to specify IP ranges, like “ip4:192.0.2.0/24”.
DKIM Advanced Considerations
- Key Rotation: Implement a key rotation policy. Instantly may offer automated key rotation; if not, plan to manually rotate your DKIM keys annually.
- Multiple Selectors: Consider using multiple DKIM selectors for different email streams (e.g., marketing vs. transactional) to maintain separate reputations.
- Key Length: While 1024-bit keys are standard, consider using 2048-bit keys for enhanced security if Instantly supports it.
- CNAME Usage: For easier management across multiple subdomains, use CNAME records pointing to a single DKIM record managed by Instantly.
DMARC Advanced Tactics
- Subdomain Policies: Implement separate DMARC policies for subdomains using the “sp” tag in your DMARC record.
- Forensic Reporting: In addition to aggregate reports (rua), consider setting up forensic reporting (ruf) for detailed information on authentication failures.
- Report Parsing: Implement automated parsing of DMARC reports. Instantly may offer this feature, or you might need to use third-party tools.
- Policy Adjustment Automation: Set up automated alerts based on DMARC report data to prompt policy adjustments when certain thresholds are met.
Cross-Protocol Considerations
- Alignment: Ensure identifier alignment across SPF, DKIM, and DMARC. The “From” domain should match the domain authenticated by SPF and DKIM.
- Third-Party Senders: If you use third-party services that send email on your behalf, ensure they’re properly authorized in your SPF record and can sign emails with your DKIM key.
- Monitoring and Alerting: Implement comprehensive monitoring across all three protocols. Set up alerts for sudden changes in authentication pass rates or unexpected sending sources.
- Testing: Regularly test your email authentication setup using tools like DMARC Analyzer or DMARC Inspector to catch issues proactively.
- Documentation: Maintain detailed documentation of your email authentication setup, including all authorized sources, DKIM selectors, and policy decisions.
Remember, while these advanced tactics can significantly enhance your email authentication, always consult with Instantly’s documentation or support team to ensure compatibility with their system and best practices.
Conclusion
Maintaining your sender reputation and making sure your emails find your intended recipients depend on first setting up SPF, DKIM, and DMARC with Instantly. This is about laying a strong basis for your email communications, not only about technical execution.
Using all three protocols builds a complete protection against phishing efforts and email spoofing.
Recall that email authentication is an active process. Crucially, you should routinely evaluate your settings, track your DMARC reports, and change your policies as necessary. offers the tools and direction right now to enable this ongoing process to be under control and successful.
📜 Related articles: