DKIM, SPF, and DMARC are DNS-based email authentication standards that prove your emails are legitimate and protect your domain from spoofing.

SPF (Sender Policy Framework)

SPF tells receiving servers which IP addresses are allowed to send email on behalf of your domain. Add this TXT record to your DNS:

Type: TXT
Name: @
Value: v=spf1 include:trans.misar.io include:spf.misar.io ~all

If you already have an SPF record, add include:spf.misar.io to it rather than creating a second record (you can only have one SPF record per domain).

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to your emails. MisarMail generates the DKIM key pair for you:

1. Go to Settings → Domains → Your Domain → DKIM Setup.
2. Copy the DKIM public key record.
3. Add it as a TXT record to your DNS at mail._domainkey.yourdomain.com.
4. Click Verify DKIM in MisarMail once DNS propagates (up to 48 hours).

DMARC (Domain-based Message Authentication)

DMARC tells receiving servers what to do when SPF or DKIM checks fail. Start with a monitoring policy:

Type: TXT
Name: _dmarc
Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Once you''ve verified SPF and DKIM are passing, upgrade to p=quarantine and eventually p=reject for maximum protection.