Select Category

Knowledge

SPF, DKIM & DMARC Domain Authentication Guide

There are several steps you must take to set up the authentication of your email sender domain. This step is needed to maintain email deliverability, and your email reputation is in good condition, because these 3 things can affect your delivery if not done immediately. You can read more about the SPF and DKIM here.

In this article you will learn how to configure domain verification so that you can send marketing emails. In general, all steps to configure domain verification are almost the same on multiple server domains.

How to authenticate domains

Here are the steps you need to do:

  1. Enter the Email Marketing menu, then select ‘Manage Sender’.
  2. If you have not added the email sender, you can add it first then to do email validation. On the ‘Manage Sender’ page your email sender will appear like this

Click on the DNS Instruction button and this will appear like this

These two records will be copied on your DNS Manager on domain server.

  1. Open a new tab in your browser, then open the DNS Manager of the domain you are using to start adding SPF, DKIM and DMARC configurations.

Note

Domain providers use a different name for the page where you will update the DNS Record, such as cPanel, Zone Editor, Zone File Settings, Manage Domains, Domain Manager, DNS Manager, and many more. If you want to see the DKIM SPF configuration on another domain server, you can read our documentation here.

CNAME configuration for DKIM

This is an example of CNAME configuration to set DKIM authentication. On some domain servers it might look different like the label name, column etc. Because each DNS provider has different settings.

This is the CNAME configuration for DKIM:

Record type	: CNAME Record
Name       	: `mt1._domainkey.(yourdomain.com)`
Record/Value: dkim.mailtarget.co
TTL        	: Default

Without parenthesis

Save CNAME configuration.

Note

If DNS Management in your server’s domain cannot add the dkim.mailtarget.co Record, contact your domain server because in some domains the old server does not provide the option to provide a Record. So you cannot add the dkim.mailtarget.co record.

TXT configuration for SPF

Following is an example of the TXT record for SPF that you will add. As mentioned before, some display labels, columns and others may look different but function more or less the same.

This is the TXT configuration for SPF:

Record type	: TXT
Name        : (yourdomain.com)
Record/Value: v=spf1 include:spf.mailtarget.co -all
TTL   		: Default

Without parenthesis

Save the TXT configuration.

Note

  • In some DNS Managers you might be able to add SPF records directly without having to go through TXT. That’s because there are some DNS Managers that provide SPF records directly, some are just TXT. So, if your DNS Manager only provides TXT records, then you need to add SPF via TXT. If your DNS Manager provides SPF records, then you can add them directly through the SPF records.
  • Don’t make more than one TXT for SPF. However, you can add additional records in one configuration.
  • In some cases, we need an additional configuration if indeed your domain has an additional configuration, like your domain that uses IPv4, A records and MX records. If you really need to install the configuration, add a record like the following v=spf1 ip4: xxx.xxx.xxx.xxx +a +mx include:spf.mailtarget.co -all This is an example of a TXT record for an incorrect SPF: v=spf1 include:spf.mailtarget.co -all include:spf.(yourdomain).com -all So make sure the TXT record is only one line like the example above.

TXT configuration for DMARC

For DMARC configuration, it is not mandatory, because by default it is usually in some domains when you add an email sender. The DMARC status will generally immediately become valid. However, in some domains there needs to be further configuration which causes the DMARC status to be ‘Not Valid’. If the DMARC status that you get is ‘Not Valid’, then you need to add the DMARC configuration.

This is the TXT configuration for DMARC:

Record type 	: TXT
Name 			: `_dmarc.(yourdomain.com)`
Record/Value	: v=DMARC1; p=none; sp=none; aspf=r; rua=mailto:(email@example.com); ruf=mailto:(email@example.com); rf=afrf; pct=100; ri=86400
TTL 			: Default

Without parenthesis

Note

  • Fill email@example.com with the email you have. Not required to be the same as the email in the email sender list in the MTARGET app, because this email will be used as an email to receive delivery reports.
  • Make sure that every time you configure a DMARC record, the p code must be none like p = none, because in DMARC there are 3 policies. Namely None policy (Email can be sent smoothly and safely), quarantine policy (Email can still be sent but the potential to enter the spam box is also large), reject policy (Email cannot be sent at all). If you enter a configuration record other than none, such as quarantine or reject, it is certain that your e-mail delivery will be interrupted.

Updating Domain Authentication Configuration

If you have previously authenticated a domain with Email Service Provider (ESP), make sure you only use 1 record. So, you only need to add the configuration as added above then delete the domain authentication configuration from ESP that you have previously used. Generally, the addition is only in the record / value column, not the ‘Name’. Because the ‘Name’ contains the domain you are currently using.

Remember, only editing records. No need to add new records to update configuration

FAQ

Q: I feel that I have configured it correctly and successfully but domain verification is still red A: If you feel you have configured it correctly, but domain verification is still red, you don’t need to panic. Wait for about 48 hours because the domain server needs time to recognize the record that you just added.

Q: I have previously used another Email Service Provider (ESP), which means I have configured SPF. Should I make a new TXT record again? A: If you have previously made an SPF setting, then you do not need to add a new TXT record.

Just add include: spf.mailtarget.co to the old Record. For example, you already have the SPF setting v=spf1 include:spf.(yourdomain.com) .co ?all, then you only need to change it to add tov=spf1 include:spf.(yourdomain.com) include:spf.mailtarget.co -all without having to add a new Record.

Q: I need an example for SPF & DKIM configuration through another domain server, such as cPanel or Zone Editor A: You can read our documentation for application on another domain server here

Q: How do I check if my record configuration is correct? A: To check it you can use dnschecker.org to check whether the settings are active.
In the example form, type your domain name.
On the dropdown menu next to it, select CNAME to see the CNAME or TXT status to see the TXT status. Then click the Search button.

It will appear whether your settings are correct, or not. If you experience difficulties, contact us via Live Chat.

Was this article helpful?
Let's See How They Improved By Using Our Products
They are using our product and success to run 2500%+ ROI Campaigns, increase their revenue through personalization, and many other benefit. Check their stories
See Stories

Related tutorials

relate-post-icon Share Template Improvement
relate-post-icon About Extra Quota & Bulk Quota
relate-post-icon New Template Page with Shortcut Link
relate-post-icon Supported Files on MTARGET
relate-post-icon Using Media in WhatsApp Messages
relate-post-icon WhatsApp media and Improvement in Conditional Form
relate-post-icon WhatsApp Button and Added Tax Registration Number (NPWP)
relate-post-icon Flow and Improvement Email Scheduler
relate-post-icon Report Flow Campaign
relate-post-icon About Send Time & Email Scheduler
×

Subscribe

The latest tutorials sent straight to your inbox.