Email signing and junk mail prevention: DKIM, DMARC and SPF

What are DKIM, DMARC and SPF?

These are methods of ensuring that system originated emails are verified by the receiving email system, and on that basis, are significantly less likely to end up in Junk/Spam mail folders.

  • DKIM stands for “Domain Keys Identified Mail”. DKIM is a method for digitally signing email with a key that any external recipient can validate with the clients DNS records in order to verify the email is genuine.
  • SPF stands for “Sender Policy Framework” and is an email validation system that verifies the address of the sender’s server.
  • DMARC stands for “Domain-based Message Authentication, Reporting and Conformance” and is a policy that allows a client to indicate that their emails are protected by SPF and/or DKIM.

How do I implement DKIM?

Your organisation needs to ask us to create a signing certificate, and then provide you with the public key. This public key is then given to your IT staff or ISP who can then add this to the relevant DNS record that your emails are sent as e.g.

How do I implement DMARC?

Similar to the other methods, your DNS record needs to state your DKIM and/or SPF policy which will in turn tell email recipients how to handle your email when it’s received.

How do I implement SPF?

Similar to DKIM you have to add a special entry in your DNS record with your ISP which indicates that our email servers can send mail on your behalf.


Are there any options to the implementation?

Only with DKIM: Key length – 512, 1024 or 2048 bit.

Do you charge for doing this?

No – we do not charge for setting these items up for you, although we do reserve the right to charge for any project management or consulting time if we need to spend time liaising with your IT staff or 3rd parties.

Why don’t you just implement it by default on all systems?

Implementation of these systems is a two-stage approach. It needs to be undertaken by both ourselves and your IT department or ISP.

What other ways can Advorto ensure that messages are delivered?

You should ask your messaging team, IT department or ISP to:

  • Whitelist our mail server cluster
  • Allow our mail server cluster to relay for your domain
  • For important messages, ensure that your system is configured to send text messages

Our mail server cluster address is:

For more information





DomainKeys Identified Mail



Domain-based Message Authentication, Reporting and Conformance


Mail Relay

Email relaying



Simple Mail Transport Protocol



Sender Policy Framework






Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk