EN · $

Setting up SPF, DKIM, and DMARC in Virtualmin for Better Deliverability

Learn how to configure SPF, DKIM, and DMARC in Virtualmin to improve your email deliverability and protect your domain from abuse.

virtualminspfdkimdmarcemail-deliverability

Why are SPF, DKIM, and DMARC important?

Email deliverability is crucial for the success of your communication. Without proper authentication methods, your emails often end up in the spam folder or are not delivered at all. SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) are the three pillars of email authentication. They confirm that your emails actually originate from your domain and are not forged.

Prerequisites

You need access to Virtualmin as an administrator as well as the ability to modify DNS records for your domain. If you don't have a web hosting package yet, check out our Web Hosting Packages – all include Virtualmin.

Step 1: Create an SPF record

An SPF record defines which servers are allowed to send emails for your domain. In Virtualmin, go to Services → DNS Domains and select your domain. Add a new TXT record:

  • Name: @ (or your domain)
  • Value: v=spf1 mx include:_spf.google.com ~all (adjust the include values to your mail servers)

Save the changes. The record should take effect immediately, but DNS propagation can take up to 24 hours.

Step 2: Generate DKIM keys

DKIM adds a digital signature to your emails. In Virtualmin: Go to Virtualmin → Server Management → Email → DKIM. Click on Generate DKIM Keys. A public and a private key will be created. The public key needs to be added as a TXT record in DNS.

Copy the public key and create a new TXT record in your domain's DNS settings:

  • Name: default._domainkey (or as specified by Virtualmin)
  • Value: The public key (starts with v=DKIM1; h=sha256; k=rsa; p=)

Then enable DKIM in Virtualmin for the desired domain.

Step 3: Set up DMARC policy

DMARC instructs receivers on how to handle emails that fail SPF or DKIM. Create another TXT record:

  • Name: _dmarc
  • Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com (Start with p=none for monitoring, later increase to quarantine or reject)

With rua you receive reports about authentication failures.

Verifying the configuration

Use tools like SPF Checker or Mail-Tester to check if everything is set up correctly. Send a test email and analyze the headers.

Avoid common mistakes

  • Don't forget to include all sending servers in SPF (e.g., newsletter services).
  • DKIM keys must be renewed regularly (every 6-12 months).
  • Don't set DMARC to reject immediately – start with none to see the impact.

Conclusion

With SPF, DKIM, and DMARC, you ensure that your emails arrive reliably. If you need help with configuration, our Managed Hosting offers setup support. Or secure a Domain from us right away and get started.