Skip to main content

Understand SPF, DKIM and DMARC protocols

SendinBlue supports all standard email signatures: SPF, DKIM, and DMARC. These three protocols meet various safety issues and all three must be implemented in order to ensure the best possible deliverability, both on a shared and dedicated IPs. They are all based on the DNS of your domain name.

What is a SPF protocol? The SPF protocol, which is based on the DNS of your domain name, can certify that the issuing IP has the right to send emails. This protocol is used to prevent fraudulent use of your domain name and prevent third parties from pretending to be you. This protocol is particularly effective against phishing attacks.

What is a DKIM protocol? The DKIM protocol is a cryptographic protocol based on the use of public keys that are published in your DNS. The protocol allows you to sign your email with your domain name, just as you would sign a letter with your signature. The recipient of your email will then be sure that the email he or she received has been written by you and has not been altered during transmission. This protocol is particularly effective against "man in the middle" attacks.

What is a DMARC protocol? Both DKIM and SPF protocols are complementary and respond to different types of fraud. However, they have the disadvantage of not giving acting instructions in case of an attack. The DMARC protocol overcomes this deficiency and provides indications in case there is an attack. It is possible to be notified if someone tries to steal your identity (if the attacker uses an unauthorized IP or has modified the contents of your email, for example).

It's easy to verify if your emails have been signed. Gmail allows you to quickly see if your email is signed through the three protocols: SPF, DKIM and DMARC. There are two steps:

1. Review your original email 


2. Review the source code and check the references "spf=pass", "dkim=pass", and "dmarc=pass"



In this example, the references "spf=pass", "dkim=pass" and "dmarc=pass " certify that the campaign is signed with the domain "". Signing your emails with your own domain name helps you manage your own reputation, either on our shared IP or your dedicated IP.

To review dedicated IP pricing, click here. To purchase an IP, login to your SendinBlue account and visit this pageClick here for more information about configuring a dedicated IP. Click here to learn how to configure these records for your sender.

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.