Articles on: Advanced Solutions

Setup Email Authentication (SPF, DKIM, and DMARC)

Setup Email Authentication (SPF, DKIM, and DMARC)



Google and Yahoo have announced new sender requirements that they plan to start enforcing in February of 2024. While already best practice, setting up your sending domain will be a requirement for bulk senders to land in Gmail inboxes. Google considers those who send 5000 or more emails to Google accounts per day to be "bulk senders." All traffic from a sender counts towards that 5000 email threshold.
Learn more about Gmail and Yahoo’s upcoming sender requirements.

Email Authentication



To have fully authenticated emails, 3 things are needed:
SPF records,
DKIM records,
and DMARC records.

Once everything is fully set you would expect to see something like this (in gmail, view original):



Or if you use our email testing button, it would show as fully authenticated:




Setup SPF



Setting the SPF record is fairly straightforward. You create a TXT record on your domain (no sub domain part) and set the value to:

v=spf1 mx a include:_spf.activedemand.com ~all

It would look something like this:



If you use Outlook 365 or Google Workspace for your normal 1-2-1 email, then they will need to be included on your SPF record too. Contact us if you need more help with this.

Testing the Setup



You can test that this is fully setup using mxtoolbox (https://mxtoolbox.com/SuperTool.aspx). Select “SPF Record Lookup” in the dropdown. In the input, enter yourdomain.com:



DKIM


Why use DKIM

DKIM is an email security standard that uses encrypted keys to verify you are allowed to send emails through that domain. This helps to protect your domain against spoofing.



Setup DKIM



Your DKIM setup should be taken care of automatically when you set these CNAME records:



The records when set should look like this:



Testing the setup
You can test that this is fully setup using mxtoolbox (https://mxtoolbox.com/SuperTool.aspx). Select “DKIM Lookup” in the dropdown. In the input, enter yourdomain.com:ad:




DMARC



Why use DMARC?

DMARC is used with SPF and DKIM records to authenticate mail senders. The DMARC record shows the receiving mail server what to do with messages from your domain that don’t pass SPF or DKIM.



Setup DMARC



The DMARC record will be a TXT record on your domain with a record name of _dmarc. The value may change slightly, but it will have 3 main semicolon separated parts.

Tag value pair v=DMARC1 … this is the only valid value for this
Tag value pair for “p”. The value can be none, quarantine, or reject. It's a good idea to set it to none or quarantine until you can confirm it's behaving the way you want.
Tag value pairs for where failures should be sent. The format is a comma separated list of emails (i.e. rua=mailto:engineering@fakeaccount.ca,mailto:security@fakeaccount.ca):
rua: Aggregate reports will be sent here
ruf: Detailed reports will be sent here
The completed record will look something like this:

Record type: TXT
Host: _dmarc
Value: v=DMARC1; p=quarantine; rua=mailto:engineering@fakeaccount.ca




Testing the setup



You can test that this is fully setup using mxtoolbox (https://mxtoolbox.com/SuperTool.aspx). Select “DMARC Lookup” in the dropdown. In the input, enter yourdomain.com:


Updated on: 22/01/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!