Setup Guide
Gmail won’t trust your emails
until you prove who you are
You verified your list. Every address is real. But Gmail still sends some of your emails to spam. The reason: Gmail doesn’t know if the email is really from you — or from a spammer pretending to be you. That’s what authentication solves.
What you’ll learn
- What SPF, DKIM, and DMARC are — in plain language, no jargon
- How to check if yours are set up (using QEV’s free tools)
- What to do if they’re missing or broken
- Why authentication + verification together = inbox delivery
Three records that prove you’re legitimate
Email authentication uses three DNS records — small text entries in your domain’s settings — that tell Gmail, Outlook, and Yahoo: “emails from this domain are authorized by the owner.” Without them, your emails look suspicious even if your list is perfectly clean.
SPF
Sender Policy Framework
Lists which servers are allowed to send email on behalf of your domain. When Gmail receives your email, it checks: “is this server on the approved list?” If not, the email looks like it could be forged.
DKIM
DomainKeys Identified Mail
Adds a digital signature to every email you send. Gmail checks this signature to confirm the email wasn’t tampered with in transit. Think of it as a wax seal on a letter — it proves the message is authentic and unaltered.
DMARC
Domain-based Message Authentication
Tells Gmail and Outlook what to do when an email fails SPF or DKIM checks: reject it, quarantine it, or let it through. Without DMARC, failed checks are handled inconsistently across providers. Since 2024, Google and Yahoo require DMARC for anyone sending more than 5,000 emails per day.
Check all three in one place
QEV provides free analyzer tools for each authentication record. Enter your domain and instantly see if your records are set up correctly — or if something is missing or broken.
How broken authentication shows up
You may not realize authentication is broken until you see these symptoms:
Emails go to spam despite a clean list
You verified, removed all bad addresses, but Gmail still sends you to spam. Most common cause: missing or failing SPF/DKIM.
Open rates suddenly drop
A DNS change or ESP migration broke your DKIM alignment. Emails that used to reach inboxes now land in spam. Nothing else changed.
DMARC failure reports appearing
If you have DMARC set up but your SPF/DKIM don’t align, you’ll see failure reports. That means providers are flagging your emails.
Spoofing attempts on your domain
Without DMARC, anyone can send email pretending to be your domain. Your customers receive phishing emails “from you.”
What to do if authentication is missing
If you use an email service like ActiveCampaign, Mailchimp, or HubSpot: Authentication is usually handled for you. But it’s worth checking — some ESPs require you to add DNS records manually, and misconfiguration is common.
If you send from your own domain (cold email, transactional): You or your IT team need to add SPF, DKIM, and DMARC records to your domain’s DNS settings. Use QEV’s SPF Wizard and DMARC Wizard to generate the correct records, then add them through your domain registrar (GoDaddy, Cloudflare, Namecheap, etc.).
The bottom line: Verification ensures you’re sending to real addresses. Authentication ensures Gmail believes the email is really from you. You need both. One without the other still results in emails going to spam.
Email Authentication — Quick Reference
SPF
Lists approved sending servers. Check yours →
DKIM
Digital signature proving email is unaltered. Check yours →
DMARC
Policy for handling failed checks. Required by Google/Yahoo for 5K+ senders. Check yours →
Key rule
Clean list (verification) + trusted sender (authentication) = inbox delivery
Setup Guides
Authentication handles trust.
Verification handles your list.
Upload free — 3,000 verifications, no credit card.
Verify Your List Free
ISO 27001
Certified
Certified
GDPR
Compliant
Compliant
CCPA
Compliant
Compliant
HIPAA
Compliant
Compliant
99% Accuracy
Guaranteed
Guaranteed