DMARC for cold-email domains (Smartlead & Instantly) — required or handled for you?

You run cold email through Smartlead or Instantly across several domains and can't tell whether you still need to set up SPF, DKIM and DMARC yourself.

Check your domain first — 10 seconds, free, no signup.
See your DMARC policy, SPF lookup count and every issue explained in plain English.
Run the free check →

What this means

It depends on whose domain it is. On the platforms' own managed / pre-warmed sending domains, Smartlead and Instantly auto-configure SPF, DKIM and DMARC — you don't add records there. But any domain you own and send from is still governed by Google's bulk-sender rules: since February 2024, senders of more than 5,000 messages a day to Gmail must pass SPF and DKIM with an aligned DMARC record, or the mail is rejected. Cold-email operators running dozens of throwaway domains hit this on every self-owned domain. Source: Google — Email sender guidelines · verified 2026-07-18.

What to do about it

Step 1. On platform-managed domains, let the tool handle authentication — don't double-add conflicting records.
Step 2. On every domain you own, publish SPF, DKIM and a DMARC record yourself.
Step 3. Treat p=none as the floor, not the finish — Google checks that a DMARC record exists and aligns.
Step 4. Check each self-owned sending domain with the free tool below before you start a campaign.

Frequently asked

Will adding these records break the email I already send?

No. Adding SPF includes and DKIM records (whether TXT or CNAME) only adds authentication — it never blocks mail. The only step that can affect delivery is tightening your DMARC policy to quarantine or reject, and that comes later, once reports confirm every legitimate sender passes.

The platform says it “handles DMARC” — do I still need my own record?

Yes. Most platforms handle DKIM (and sometimes SPF) so their mail can pass, but the DMARC record is published on your own domain and controlled by you — it's what tells receivers to act on failures. Providers rarely publish it for you, and you want your own rua= address to see the reports.

How do I confirm it actually worked?

Send yourself a test message and check the headers for dkim=pass and dmarc=pass — or run the free check below on your domain to see SPF, DKIM and DMARC state, and which sending services currently align, in one place.

Don't want to babysit DNS records?
DMARCKeeper monitors your reports, names every sender, and walks you to full p=reject protection.
Start free monitoring →