When an AI agent sends an email, the receiving server checks whether that email is legitimate. The three main standards it uses are SPF, DKIM, and DMARC. Without them, your agent's emails go to spam.
SPF: Sender Policy Framework
SPF is a DNS record that lists which servers are allowed to send email on behalf of your domain. If your domain is mycompany.com, you add a TXT record like:
v=spf1 include:agentmailr.com ~allThis tells receiving servers: "Email from mycompany.com is legitimate if it came through AgentMailr's servers." The ~all means other sources are treated as suspicious but not rejected outright.
DKIM: DomainKeys Identified Mail
DKIM adds a cryptographic signature to every email. The receiving server checks the signature against a public key in your DNS. This proves the email was not tampered with in transit. AgentMailr handles DKIM signing automatically when you connect a custom domain. You add the public key as a TXT record in your DNS:
_domainkey.mycompany.com TXT "v=DKIM1; k=rsa; p=MIGfMA..."DMARC: Domain-based Message Authentication
DMARC tells receiving servers what to do if SPF or DKIM fails. A basic policy:
_dmarc.mycompany.com TXT "v=DMARC1; p=none; rua=mailto:dmarc@mycompany.com"p=none means take no action (just report). Once you verify authentication is working, upgrade to p=quarantine or p=reject for stronger protection.
Using AgentMailr Domains
If you send from @agentmailr.com, all authentication is pre-configured. If you use a custom domain, the dashboard walks you through adding SPF, DKIM, and DMARC records. Verification is automatic once the DNS records propagate.
Checking Your Setup
After adding records, use a tool like MXToolbox or mail-tester.com to verify. Send a test email and check the headers for dkim=pass and spf=pass. Green on both means your emails will reach the inbox.