Modern inboxes (Gmail, Outlook, Apple Mail) reject or junk email that fails any of these three checks. Maillayer's domain wizard gives you the exact record values for each provider, but here's what they actually do.
SPF — Sender Policy Framework
A TXT record listing IPs/hosts authorized to send mail for your domain. Receiving servers reject mail whose envelope-from doesn't match.
example.com. TXT "v=spf1 include:amazonses.com include:_spf.google.com -all"include:— delegate trust to your provider.-all— fail anything not listed (strongest).~allsoftfails (still deliverable but flagged).- You may have only one SPF record per domain — merge all providers into a single record.
DKIM — DomainKeys Identified Mail
A public key in DNS. The sending provider signs each outgoing message with the matching private key. Receivers verify the signature against the public key — proving the message wasn't tampered with and was sent by an authorized party.
m1._domainkey.example.com. TXT "v=DKIM1; k=rsa; p=MIIBIjANBgk..."- Each provider uses its own selector (the prefix before
._domainkey). Multiple providers can coexist on different selectors. - Maillayer's dashboard shows the exact selector + value to publish.
DMARC — alignment policy
Tells receivers what to do when SPF or DKIM fail. Highly recommended once SPF + DKIM are passing.
_dmarc.example.com. TXT "v=DMARC1; p=none; rua=mailto:[email protected]; aspf=s; adkim=s"p=none— monitor only (start here).p=quarantine— failed mail goes to spam.p=reject— failed mail bounces.rua=— aggregate report destination (daily XML reports).
- SPF + DKIM publish, send for a week.
- Add DMARC
p=noneand read the rua reports for two weeks. - Once reports look clean, move to
p=quarantinethenp=reject.
Warming a new domain
- Day 1–3: 50–100 sends/day, only to engaged contacts.
- Week 1: ramp to 500/day.
- Week 2: 2,000/day.
- Week 3+: double weekly until you hit your target volume.
Cold-blasting 100k from a brand-new domain is the fastest route to a permanent spam-folder placement.