SPF, Sender Policy Framework, is a DNS TXT record that lists the mail servers authorised to send on behalf of your domain. Zoho Mail provides the exact SPF record value to add at your domain registrar. DKIM, DomainKeys Identified Mail, adds a cryptographic signature to each outgoing message; the public key is published in DNS and the recipient server uses it to verify the signature. DMARC, Domain-based Message Authentication Reporting and Conformance, ties SPF and DKIM together and tells receiving servers what to do with messages that fail both checks: quarantine or reject them. Zoho Mail’s admin console provides a step-by-step guide and the exact DNS record values for each.
All organisations sending business email should set up SPF and DKIM at minimum. Without these records, messages from your domain are more likely to land in recipient spam folders or be rejected outright by strict mail servers. DMARC should be added once SPF and DKIM are confirmed working, starting in monitoring mode (p=none) before moving to an enforcement policy. This is especially important for domains used for transactional email such as invoices, order confirmations, or payment notices.
DNS changes for SPF, DKIM, and DMARC can take up to 48 hours to propagate globally. Use a tool such as MXToolbox to verify that each record resolves correctly after adding it. If your domain also sends email through other services such as Zoho Campaigns or a CRM, include those sending sources in your SPF record; exceeding the SPF lookup limit of 10 mechanisms will cause authentication failures.
A financial advisory firm in Mumbai found that client emails from their Zoho Mail accounts were regularly landing in spam at large banking clients. After their Zoho implementation partner set up proper SPF, DKIM, and a DMARC record in monitoring mode, deliverability improved within a week. The DMARC report emails also revealed a third-party CRM that had been sending on their behalf without authorisation, which they were then able to add to the SPF record.
No. Zoho Mail provides the exact DNS record values in the admin console under Domain Verification. You copy these values and add them at your domain registrar’s DNS management panel. Most registrars have a straightforward interface for adding TXT records, and the process typically takes under 15 minutes.
Without SPF and DKIM, your outgoing messages are more likely to be flagged as spam or rejected by recipient servers. It also leaves your domain vulnerable to spoofing, where bad actors send emails pretending to be from your address. DMARC in reject mode prevents spoofed messages from reaching recipients even if you cannot prevent the sending attempt.
Aaxonix is a certified Zoho implementation partner based in Pune. Architecture-first, no surprises.