Generate copy-paste SPF and DMARC TXT records for your sending domain in seconds — pick your provider and DMARC policy, and get the exact records plus DKIM guidance.
v=spf1 include:_spf.google.com ~allv=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; fo=1; adkim=r; aspf=r; pct=100Publish these as TXT records in your DNS, keep only one SPF record per domain, and start DMARC at p=noneto monitor before tightening. Generated in your browser; nothing is submitted. Verify against your provider's own setup docs.
SPF, DKIM, and DMARC are the three DNS records that authenticate your email so mailbox providers trust it. SPF lists which servers may send for your domain (e.g. v=spf1 include:_spf.google.com ~all); DKIM cryptographically signs your mail using a key your provider issues; and DMARC tells receivers what to do when SPF or DKIM fail and where to send reports (e.g. v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com). To set them up: publish one SPF TXT record with your provider's include, publish the DKIM record your provider gives you, and add a DMARC TXT record at _dmarc.yourdomain.com starting at p=none to monitor before tightening to quarantine or reject. The generator below builds your SPF and DMARC records from your provider and policy choices.
SPF (Sender Policy Framework) publishes which mail servers are allowed to send for your domain — receivers reject or flag mail from servers not on the list. DKIM (DomainKeys Identified Mail) adds a cryptographic signature so receivers can verify the message wasn't altered and really came from your domain. DMARC ties them together: it tells receivers what to do when SPF or DKIM fail (none / quarantine / reject) and sends you aggregate reports so you can see who's sending as your domain.
Always begin with p=none. It changes nothing about delivery but turns on reporting, so you can see every source sending as your domain and confirm your real senders pass SPF and DKIM. Once the reports look clean — your legitimate mail is authenticating and nothing important would be blocked — move to p=quarantine (failing mail to spam) and eventually p=reject (failing mail blocked). Jumping straight to reject before you've checked reports can silently block your own mail.
Keep exactly one SPF TXT record per domain — multiple SPF records break authentication. If you send from more than one service, combine their includes into a single SPF record. DKIM can't be generated here because the key pair is issued by your sending provider when you verify your domain; this tool tells you where to find it for your provider. Publish all three, then validate with your provider's checker before sending at volume.
SPF lists which servers are allowed to send email for your domain. DKIM cryptographically signs your messages so receivers can verify they're genuine and unaltered. DMARC ties the two together — it tells receivers what to do when SPF or DKIM fail (monitor, quarantine, or reject) and sends you reports. You need all three for strong authentication and good deliverability.
Publish a single TXT record on your root domain with the value v=spf1 followed by your provider's include (for example include:_spf.google.com for Google Workspace) and an 'all' mechanism — ~all (soft fail) or -all (hard fail). Keep only one SPF record per domain; if you use multiple senders, combine their includes into one record. The generator on this page builds it for your provider.
Start with p=none. It doesn't affect delivery but enables reporting so you can see every source sending as your domain and confirm your real mail authenticates. After your reports look clean, move to p=quarantine (failing mail to spam), then p=reject (blocked) once you're confident. Going straight to reject risks blocking your own legitimate mail.
Yes — it's free and runs entirely in your browser; nothing you enter is submitted or stored. JYNI offers it because authentication is foundational to cold email deliverability. When you send through JYNI's managed sender domains, this DNS setup and warmup are handled for you.
JYNI brings lead discovery, outreach, CRM, documents, and content into one workspace. Explore the industry and use-case hubs for the niches you serve.
JYNI combines AI lead discovery, compliant cold email from managed domains, and a CRM in one workspace — so finding, reaching, and managing customers happens in one place.
Book a Call →