gmail and outlook run invisible pre-send checkpoints before your email reaches anyone.

the first checkpoint: authentication. SPF, DKIM, DMARC. if these aren't configured properly, you're flagged before your email is even read.

this is the #1 preventable deliverability killer. and most agencies skip it or misconfigure it.

what each record does

SPF (Sender Policy Framework)

→ tells receiving servers which IPs are authorised to send email from your domain

→ without it: anyone can spoof your domain. servers treat your emails as suspicious.

DKIM (DomainKeys Identified Mail)

→ adds a digital signature to every email you send

→ without it: servers can't verify the email actually came from you. trust score drops.

DMARC (Domain-based Message Authentication)

→ tells servers what to do when SPF or DKIM fails (quarantine, reject, or nothing)

→ without it: you have no policy. servers make their own decision. usually that decision is spam.

your authentication checklist

• [ ] SPF record exists on every sending domain
• [ ] SPF record includes your sending platform's IPs
• [ ] SPF record doesn't exceed the 10-lookup limit
• [ ] DKIM is enabled and the signature passes verification
• [ ] DMARC record exists (even if set to "none" initially)
• [ ] DMARC is set to at least p=quarantine (not p=none) for production domains