--- title: "Email authentication: SPF, DKIM, and DMARC" description: "Verify your sending domain's SPF, DKIM, and DMARC records right from the connector page, with one-click DNS setup for Cloudflare domains." canonical: "https://firstsales.io/changelog/email-authentication-spf-dkim-dmarc/" --- 1. [Home](/) 2. [Changelog](/changelog/) 3. Email authentication: SPF, DKIM, and DMARC [All updates](/changelog/) NewJune 3, 20262 min read # Email authentication: SPF, DKIM, and DMARC Verify your sending domain's SPF, DKIM, and DMARC records right from the connector page, with one-click DNS setup for Cloudflare domains. Email authentication is one of the most consequential, least visible parts of running cold outreach. SPF, DKIM, and DMARC records tell receiving mail servers that your emails are genuinely from you — not a spammer spoofing your domain. Without them, even well-written emails are more likely to land in spam or get rejected outright. Now you can check and fix all three directly from inside FirstSales, without leaving the app to dig through your DNS registrar. ## Authenticate your sending domain Each email connector now checks your SPF, DKIM, and DMARC records and shows you exactly what to add when something is missing. New Email authentication: SPF, DKIM, and DMARC Connector details with the Email Authentication checks highlighted ## What each record does * **SPF** (Sender Policy Framework) declares which servers are authorized to send email from your domain. Without it, receiving servers have no way to verify your messages are legitimate and are more likely to treat them with suspicion. * **DKIM** (DomainKeys Identified Mail) adds a cryptographic signature to every outgoing email. It proves the message wasn't altered in transit and that it genuinely originated from your domain — a signal mailbox providers use when deciding where to deliver. * **DMARC** builds on SPF and DKIM by telling receiving servers what to do with mail that fails authentication checks, and provides reporting on how your domain is being used across the internet. It also blocks domain spoofing more effectively than either record alone. All three together form the baseline for strong deliverability and for protecting your domain against misuse. ## How to use it 1. Open **Connectors** and click any email connector. 2. The **Email Authentication** section shows pass/fail for SPF, DKIM, and DMARC. 3. Click **Set Up DNS Records** for copy-paste instructions — or one-click publishing if your domain is on Cloudflare. 4. If your email provider doesn't sign outgoing mail with DKIM, FirstSales can manage a DKIM key for you. If a sending domain ever loses authentication — after a DNS change or a provider switch — you'll get an alert naming the affected domain so you can fix it fast. ## Why it matters for inbox placement Major mailbox providers — Gmail, Outlook, and others — have tightened their requirements around authentication. Domains without proper SPF, DKIM, and DMARC records face higher scrutiny. Getting all three in place before your first send is one of the highest-leverage steps toward consistent inbox placement. If you haven't checked your connector's authentication status yet, open **Connectors**, click your sending account, and look at the **Email Authentication** section. The check runs instantly and tells you exactly what's missing. For most setups, adding the missing records takes under ten minutes — and the impact on deliverability compounds with every send after that. [ PreviousClearer warmup status](/changelog/clearer-warmup-status/)[Next A fresh coat of paint](/changelog/brand-refresh-v4/)