Applies to: Domains, Managed Hosting for WordPress, Microsoft 365 from GoDaddy, Professional Email, Professional Email powered by Titan, VPS Hosting, Web Hosting (cPanel), Websites + Marketing

GoDaddy ヘルプ

What is DKIM, DMARC and SPF?

Email authentication is essential for protecting your domain from phishing, spoofing and spam. DKIM, DMARC and SPF are the 3 core protocols that work together to verify sender identity, prevent unauthorized use of your domain and improve email deliverability.

  • DKIM (DomainKeys Identified Mail): Adds a digital signature to outgoing emails, verifying they haven’t been altered and confirming the sender’s identity. This helps prevent impersonation and ensures your emails reach inboxes instead of going to spam.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Builds on SPF and DKIM, letting you set policies for handling unauthenticated emails and receive reports on authentication results. You can define whether you want suspicious email monitored, sent to quarantine or rejected/blocked.
  • SPF (Sender Policy Framework): Lets you specify which email servers are allowed to send email for your domain using a TXT record in your DNS. If an email is sent from an unauthorized server, it may be flagged as spam or rejected.

Why do I need to use all 3 protocols?

Using DKIM, DMARC and SPF together helps protect your domain from misuse and improves email deliverability. Major providers like Google, Yahoo, AOL and Verizon now require these protocols; without them, your messages may be rejected and bounce back.

Required: The following setup instructions apply only to domains with DNS managed at GoDaddy. If your DNS is hosted elsewhere, you can find the default DNS records for your email plan in the following articles, but you'll need to update the values with your provider.

If you use email with another provider: You can use our DMARC record, but refer to your provider’s documentation for SPF and DKIM setup.

Set up email authentication

DKIM adds a digital signature to your emails. Without DKIM, your domain is more vulnerable to impersonation and your emails may be flagged as suspicious or land in spam folders.

Note: DKIM is not available for Managed Hosting for WordPress.

DMARC lets you define how receiving servers handle emails that fail SPF or DKIM checks. Starting April 2025, all new domains purchased with GoDaddy have DMARC set up automatically. If you purchased your domain before April 2025, DMARC will be added automatically in the future. However, if you want DMARC added sooner, you can add the following record to your DNS:

  • Type: TXT
  • Name: _dmarc
  • Value: v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto:dmarc_rua@onsecureserver.net;
    • The email address following rua= is where daily reports go. By default, these go to GoDaddy and only include technical information about email authentication and sending servers; they don’t contain any personally identifiable information (PII). You can change this address if you prefer.
  • TTL: Default

For product-specific instructions, check out the articles below:

SPF records specify which servers can send emails for your domain.

Related steps

More info