When you connect an email account to Hunter Sequences via SMTP/IMAP, Hunter can’t automatically know which email provider or sending service you’re using. That means there isn’t one “correct” SPF/DKIM/DMARC value that fits everyone.
This guide helps you:
find where your DNS is managed
locate the correct SPF/DKIM/DMARC values for your setup
publish them correctly in DNS
verify they’re live
👉 If you’re here because Hunter flagged an error in the Domain Health Check, go to this article instead: Fix SPF, DKIM, and DMARC issues detected by Hunter (Health Check)
Step 1 — Find where your DNS is managed
You’ll add or update records in the DNS provider where your domain’s DNS is hosted. Common examples:
your registrar (GoDaddy, Namecheap, etc.)
Cloudflare
Squarespace Domains
your hosting provider
Not sure where DNS is managed?
Check your domain’s nameservers in your registrar, or ask your admin/IT team.
Step 2 — Get the correct values for your setup
To get the right SPF/DKIM/DMARC values, you’ll need to use documentation from the system that actually sends and signs mail for this domain.
Depending on your setup, that could be:
your email provider (Google Workspace, Microsoft 365, Zoho, etc.)
a dedicated SMTP/sending service
another outbound tool that sends on your behalf
💡If you’re not sure which system is responsible, ask your admin/IT team:
“What service signs outgoing mail for this domain, and what SPF/DKIM/DMARC records should we publish?”
Step 3 — Add the DNS records
Set up SPF
SPF tells inbox providers which servers are allowed to send emails for your domain. It’s published as a TXT record on the root domain (example.com).
Typical DNS placement:
Type: TXT
Host/Name: @ (or blank, depending on your DNS provider)
Value: starts with v=spf1
👉 Important:
SPF must be published as a single record on a domain. If you use multiple tools/providers to send mail, they must be included in one SPF record.
Common provider guides (if you use these providers)
How to verify SPF:
Set up DKIM
DKIM adds a cryptographic signature to your outgoing emails. It’s usually published as a TXT record on a selector hostname such as: selector._domainkey.example.com
Typical DNS placement
Type: TXT
Host/Name: provided by your provider (often selector._domainkey)
Value: includes v=DKIM1 and a public key
👉 Tip - DKIM issues are often caused by:
publishing the record on the wrong hostname (wrong selector), or
pasting a truncated value.
Common provider guides (if you use these providers)
How to verify DKIM:
Set up DMARC
DMARC defines what inbox providers should do when SPF/DKIM checks fail and helps protect your domain against spoofing. It’s published as a TXT record at:_dmarc.example.com
Typical DNS placement
Type: TXT
Host/Name: _dmarc
Value: starts with v=DMARC1 and includes a valid policy p=none, p=quarantine, or p=reject
👉Tip
If you’re setting up DMARC for the first time, starting with p=none (monitoring) is common. Once SPF and DKIM are stable, you can consider enforcing a stricter policy.
Common provider guides (if you use these providers)
Gmail/Google Workspace guide: link
Microsoft 365/Outlook guide:
How to verify DMARC
DNS changes can take time: DNS updates can take from a few minutes up to 24–48 hours depending on your DNS provider and TTL.
Step 4 — Verify your records
Once you’ve updated DNS, verify the records are published correctly (and avoid the most common mistakes): Verify SPF, DKIM, and DMARC records (and fix common DNS mistakes)
Want the deeper explanation (what these protocols do and why they matter)?: https://hunter.io/blog/spf-dkim-dmarc/