The Skysnag Blog

Using DMARC and SPF in the Absence of DKIM

October 11, 2023  |  2 min read

You can undoubtedly utilize DMARC for the sole purpose of validating your SPF record, even though using DKIM is strongly advised. Skysnag automates SPF, DKIM, and DMARC for you, saving you the trouble and time required for manual configuration. You will have a better understanding of the need for DMARC and SPF without DKIM after reading this article. Let’s dive in.

Algorithm for DMARC authentication

The DMARC authentication algorithm is a mathematical formula used to calculate the authentication result for a given email message. The equation takes into account the results of two other authentication protocols, SPF and DKIM.

The algorithm is:

Authentication Result = SPF Result OR DKIM Result

If either SPF or DKIM passes, the message is considered authenticated. If both fail, the message is considered unauthenticated.

Which is better, DMARC or DKIM?

Email authentication methods like DMARC and DKIM help to increase the security and deliverability of your communications. Despite the fact that they are frequently mistaken and that many businesses struggle to comprehend the differences between these two protocols. DMARC and DKIM are truly extremely different from one another.

It is significant to remember that the two protocols can each be configured independently and are not dependent on one another.

Can I Set Up DMARC without DKIM?

Yes, you can, but it is not recommended. DMARC requires either DKIM or SPF to be in place in order for it to be effective, so it is best to have both setups. That said, it is possible to set up DMARC without DKIM, but your emails may be more likely to be marked as spam.

What happens if SPF authentication fails?

When SPF authentication fails, it means that the sender’s IP address is not authorized to send mail on behalf of the domain. The email may be flagged as spam, and the sender may be added to a blacklist.

When this occurs, if no DKIM configuration is made, the valid email fails Domain-based Message Authentication, Reporting & Conformance authentication because it also fails SPF and DKIM authentication, making the result a false negative.


Skysnag automates DMARC, SPF, and DKIM for you, saving you the trouble and time required for manual configuration.

Create a Skysnag account to generate your DMARC record.

Unlock insights, bypass email authentication configuration issues including SPF and DKIM; and protect your domain from spoofing with strict DMARC enforcement, all autonomously with Skysnag. Get started with Skysnag and sign up for a free trial today.

Learn more about DMARC

Check your domain’s DMARC security compliance

Enforce DMARC, SPF and DKIM in days - not months

Skysnag helps busy engineers enforce DMARC, responds to any misconfigurations for SPF or DKIM which increases email deliverability, and eliminates email spoofing and identity impersonation.