Email: Setting Up SPF record and DKIM
SPF Records and DKIM are used to protect against email spam and phishing. These help protect you both as a sender of email (SPF Records) and recipient (DKIM). In this article, we'll explain how to set up both of these beneficial systems for your email.
If you are experiencing bounces of emails sent to Gmail addresses, setting up SPF and DKIM (as outlined in this doc) will help to satisfy Google's increased security & privacy restrictions and allow emails to be delivered properly.
Adding an SPF Record
Sender Policy Framework (SPF) helps to prevent your outgoing messages from being marked as spam, and also protects your domain against spoofing. SPF specifies the mail servers that are allowed to send email for your domain. Receiving mail servers utilize SPF to verify that inbound messages that appear to come from your domain were actually sent by servers authorized by you.
Without SPF, messages sent from email on your domain are more likely to be marked as spam by receiving mail servers.
The steps below will add a SPF record to your domain DNS, using a TXT record.
- Go to your DNS Records.
Create a new TXT record by entering the following:
Type: TXT
Name: @
TXT Value: v=spf1 include:_spf.hostedemail.com ~all
TTL: (default)
Note: Changes made to DNS records can take up to 24 to 48hrs to fully propagate.
DKIM Setup:
DKIM (Domain Keys Identified Mail) is an email authentication method intended to detect forged sender addresses in email. This is a technique often used in phishing and email spam. DKIM allows the recipient to check whether an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.
To add DKIM to your domain, you will need to first generate the DKIM key and then add that key as a TXT record in your domains DNS:
Generate a 1024 bit DKIM key. This can be done using a site such as: https://easydmarc.com/tools/dkim-record-generator
For the Selector, you can use: key as the selector.
Once the key is generated, next add the public key as a TXT record on the domain's DNS zone file. You will need to add this record on a subdomain based on your key selector. For example: 'key._domainkey.example.com'
After adding the TXT record you will then add the full DNS entry value. The entry will look similar to this:
v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSzwHEHkNw1IrmyYhshr3VWUZN1VLG8/vjFKpqoYpMN3jjKl2J0I/V2uEV5F5G6fbTCV0TRah7euOnciltFSVDnWBUDZR04itCifl1pw1/kF6z10hduyMXQ8K5VZGW9t6oovuC2D10rLn+Cx8yR/qeQqKvyDHIrHcXoJFCA5NOawIDAQAB
- Once this has been added to your DNS record, please send our support team an email and include the private key, as well as the "_domainkey" selector. We will need to add this information to our backend to complete the process.