Make Brevo (Sendinblue) DMARC-compliant
How to authenticate Brevo (Sendinblue) as a sender on your domain - so its mail passes SPF, DKIM and DMARC, and you can safely reach enforcement.
Three steps to authenticate Brevo (Sendinblue)
Brevo (Sendinblue) needs to pass SPF and DKIM, and align with your domain so DMARC passes. Here’s how – confirm the exact values against Brevo (Sendinblue)’s current documentation as you go.
How Brevo (Sendinblue) authenticates
Don't add an SPF include for Brevo - it checks SPF on its own envelope sender, so an include would fail. Authenticate using the CNAME (DKIM) records Brevo gives you.
So there’s no SPF include to paste in for Brevo (Sendinblue) – DKIM (next step) is what carries DMARC alignment. Hosted SPF still helps keep your overall record under the 10-lookup limit.
No SPF include to add
Brevo (Sendinblue) authenticates through the CNAME records you publish during its domain-setup flow – follow Step 2.
Turn on DKIM signing
DKIM cryptographically signs each message so receivers can prove it really came from you and wasn’t tampered with. Authenticate your domain in Brevo and publish the CNAME records it provides, plus the Brevo verification code.
DKIM is what keeps you authenticated even when a message is forwarded – so it’s worth getting right. More on how DKIM works →
- Enable DKIM inside Brevo (Sendinblue)
- Publish the DNS records it gives you
- Wait for it to verify, then send a test
Confirm alignment, then enforce
With SPF and DKIM set up, check that Brevo (Sendinblue) aligns – that the authenticated domain matches your visible From address. Once every legitimate sender aligns, you can move DMARC to p=reject safely.
DMARCER’s enforcement journey shows you exactly when it’s safe to advance – no guesswork.
Good to know
DKIM via CNAME is what carries DMARC alignment for Brevo.
Check you got it right
Look up your records instantly, or run a full free check to confirm Brevo (Sendinblue) passes SPF, DKIM and DMARC – and get your score out of 100.
Check SPF Full free check