Set up SPF, DKIM & DMARC for Flodesk

Flodesk asks you to authenticate your custom domain, but the SPF record it gives you looks different from every other SPF record you've seen.

Check your domain first — 10 seconds, free, no signup.
See your DMARC policy, SPF lookup count and every issue explained in plain English.
Run the free check →

What this means

Flodesk supplies its SPF as a CNAME record, not the usual TXT — which surprises people and leads to a classic mistake: trying to merge it into an existing TXT SPF record. Don't. Add the Flodesk CNAME SPF record as a separate new DNS record and leave any existing TXT SPF untouched; the two coexist without conflict because they're different record types serving different senders. Source: Flodesk Help — Authenticate your custom domain manually · verified 2026-07-18.

What to do about it

Step 1. Add Flodesk's SPF CNAME as its own new record — do not paste it into your existing v=spf1 TXT record.
Step 2. Add the Flodesk DKIM record it provides alongside it.
Step 3. Keep any existing TXT SPF from other senders exactly as it is.
Step 4. Publish DMARC on your root domain and run the free check below to confirm Flodesk mail now aligns.

Frequently asked

Will adding these records break the email I already send?

No. Adding SPF includes and DKIM records (whether TXT or CNAME) only adds authentication — it never blocks mail. The only step that can affect delivery is tightening your DMARC policy to quarantine or reject, and that comes later, once reports confirm every legitimate sender passes.

The platform says it “handles DMARC” — do I still need my own record?

Yes. Most platforms handle DKIM (and sometimes SPF) so their mail can pass, but the DMARC record is published on your own domain and controlled by you — it's what tells receivers to act on failures. Providers rarely publish it for you, and you want your own rua= address to see the reports.

How do I confirm it actually worked?

Send yourself a test message and check the headers for dkim=pass and dmarc=pass — or run the free check below on your domain to see SPF, DKIM and DMARC state, and which sending services currently align, in one place.

Don't want to babysit DNS records?
DMARCKeeper monitors your reports, names every sender, and walks you to full p=reject protection.
Start free monitoring →