Guides

Email authentication guides

Practical, no-nonsense guides to SPF, DKIM and DMARC. Fix what is broken and keep your mail out of spam.

dmarc

550-5.7.26 'Unauthenticated Sender' in Gmail: What It Means and How to Fix It

Gmail returns 550-5.7.26 when a message has no passing, aligned authentication. This guide decodes the exact wording and maps it to three fixable causes: neither SPF nor DKIM passing, an SPF or DKIM pass that does not align with your From domain, and a missing DMARC record. Includes a copy-paste diagnostic checklist and a free domain check that shows which of the three is failing.

May 1, 20266 min read
security

DMARC for Parked and Non-Sending Domains: The Day-One p=reject Setup

A domain that never sends email is a favorite target for spoofing. This guide gives you the copy-paste lockdown record set for a parked or non-sending domain: v=spf1 -all, an empty DKIM key, a null MX, and a straight-to-p=reject DMARC record with no monitoring rollout. You will also get a CNAME pattern to manage dozens of parked domains from one central record, plus how to confirm the lockdown with a free checker.

Apr 29, 20267 min read
deliverability

How to Check Your Email Deliverability: A Free Step-by-Step Audit

Check your email deliverability for free by running the checks in the order a pro would: authentication with our scanner first, then blocklist status, a real seed and inbox-placement test, Google Postmaster Tools and Microsoft SNDS reputation, and finally content and spam scoring. This audit gives you a full inbox-placement picture without paying for a suite.

Apr 26, 20266 min read
deliverability

Google Postmaster Tools: How to Set It Up and Read Every Dashboard

Google Postmaster Tools shows how Gmail actually treats your mail: domain reputation, spam rate, authentication pass rates, delivery errors and the feedback loop. This guide walks through TXT-record verification, explains why the dashboards stay empty until SPF, DKIM and DMARC line up, and decodes every graph in plain English so you know exactly what to fix.

Apr 24, 20268 min read
deliverability

Domain Reputation vs IP Reputation: Which One Controls Your Inbox Placement

Domain reputation and IP reputation both decide whether your mail lands in the inbox, but they behave differently. This guide compares what each one measures, how portable it is, and how long it takes to recover, plus the 2026 reality that Gmail now weighs your domain more than your sending IP. Includes a decision guide for shared versus dedicated IP senders and how authentication alignment ties the two together.

Apr 22, 20267 min read
security

How to Set Up TLS-RPT: SMTP TLS Reporting DNS Record Step by Step

TLS-RPT tells sending mail servers where to send daily reports when TLS negotiation to your domain fails. Add one TXT record at _smtp._tls.yourdomain.com with v=TLSRPTv1 and a rua endpoint, point it at a dedicated reporting mailbox or HTTPS collector, and you get visibility into encryption failures. This guide gives you the exact copy-paste record, the operational details most guides skip, and how TLS-RPT works alongside MTA-STS and DANE.

Apr 19, 20268 min read
security

How to Set Up DANE and TLSA Records for Email (SMTP)

DANE lets you pin your mail server's TLS certificate in DNS so sending servers refuse to deliver over a downgraded or spoofed connection. This guide gives you the exact build order: confirm DNSSEC end to end, generate the hash from your STARTTLS certificate with OpenSSL, publish a TLSA record at _25._tcp.your-mx-host, and pick the right usage, selector, and matching type. Includes validation steps and the DNSSEC mistake that breaks most first attempts.

Apr 17, 20268 min read
deliverability

BIMI Without a VMC: How Self-Asserted BIMI and CMCs Actually Work

You can publish BIMI without a VMC. Self-asserted BIMI shows your logo in Yahoo, AOL and Fastmail with no certificate at all. A Common Mark Certificate adds Gmail logo display without a registered trademark. A Verified Mark Certificate is the only path to the Gmail blue checkmark. This guide gives you a clear decision map, the record syntax, and the DMARC prerequisites every path shares.

Apr 15, 20267 min read
dkim

Google Workspace SPF, DKIM & DMARC Setup: A Complete Step-by-Step Guide

A precise, ordered walkthrough for authenticating a Google Workspace domain. Copy the exact SPF value, run the Admin Console DKIM "Start Authentication" flow with the 2048-bit key set correctly, then add DMARC last. Validate each record live before moving on so you never stack a second mistake on top of the first.

Apr 12, 20266 min read
dkim

Amazon SES SPF, DKIM & DMARC Setup: The Complete DNS Configuration

Amazon SES passes SPF by default but does not align it for DMARC until you configure a custom MAIL FROM subdomain. This guide walks through Easy DKIM's three CNAME records, domain identity verification, the SPF TXT and MX records that fix DMARC alignment, and how to verify the whole stream in the checker before you enforce a reject policy.

Apr 10, 20267 min read
dkim

SendGrid Domain Authentication: SPF, DKIM & DMARC Setup (Automated vs Manual Security)

SendGrid Domain Authentication publishes CNAME records on a delegated em1234 subdomain so SPF and DKIM pass without touching your root SPF. This guide explains the delegated-subdomain model, contrasts Automated Security (CNAME) versus Manual (TXT), and shows how to add the DMARC policy SendGrid will not create for you, then confirm every CNAME resolves.

Apr 8, 20266 min read
dkim

How to Set Up SPF, DKIM, and DMARC for Mailchimp (2026 Step-by-Step)

Mailchimp authentication in 2026 is simpler than most guides claim: two CNAME records for DKIM and one TXT record for DMARC, with no SPF include to edit. This guide shows the exact records to paste, how to verify them with a free checker, and how to read your first DMARC report so campaigns align and stop landing in spam.

Apr 5, 20267 min read
PreviousPage 2 of 6Next
Email Authentication Guides - SPF, DKIM and DMARC | SPFWise