Select Category

Knowledge

SPF, DKIM & DMARC Domain Authentication Guide

There are several steps you must take to set up the authentication of your email sender domain. This step is needed to maintain email deliverability, and your email reputation is in good condition, because these 3 things can affect your delivery if not done immediately.

In this article you will learn how to configure domain verification so that you can send marketing emails. In general, all steps to configure domain verification are almost the same on multiple server domains.

Notes: In the configuration there will also be steps for setting DMARC. Generally, DMARC is optional. Only SPF and DKIM are mandatory. However, if your configuration later requires DMARC settings, you can use the values we have provided.

We have provided a video tutorial to make it easier for you to set up your domain.

How to authenticate domains

Here are the steps you need to do:

  1. Enter the Email Marketing menu, then select Manage Sender.
  2. If you haven’t added an email sender, you can add it first and then to do confirm email. You need to confirm the email sender first before doing DNS Configuration:

After you confirm the email sender, instructions regarding DNS Configuration will appear

Or you can access the email sender validation page via the manage sender page, in the domain validation action

On the “Manage Sender” page, it will appear as follows.

  1. Click on the DNS Instruction button. Here you will get instructions for setting SPF, DKIM and DMARC. Here we have provided a value containing your domain. You can simply copy the value of each record to the DNS Manager.

  2. Open a new tab in your browser, then open the DNS Manager of the domain you are using to start adding SPF, DKIM and DMARC configurations.

Note Domain providers use a different name for the page where you will update the DNS Record, such as cPanel, Zone Editor, Zone File Settings, Manage Domains, Domain Manager, DNS Manager, and many more. If you want to see the DKIM SPF configuration on another domain server, you can read our documentation here.

Configuration for DKIM

You can customize DKIM configuration using CNAME or TXT using the dropdown provided

This is an example of CNAME configuration to set DKIM authentication. On some domain servers it might look different like the label name, column etc. Because each DNS provider has different settings.

This is the CNAME configuration for DKIM:

Record type	: CNAME Record
Name       	: mt1._domainkey
Record/Value: dkim.mailtarget.co
TTL        	: Default

Without parenthesis

Save CNAME configuration.

Note If DNS Management in your servers domain cannot add the dkim.mailtarget.co Record, contact your domain server because in some domains the old server does not provide the option to provide a Record. So you cannot add the dkim.mailtarget.co record.

TXT configuration for SPF

Following is an example of the TXT record for SPF that you will add. As mentioned before, some display labels, columns and others may look different but function more or less the same.

This is the TXT configuration for SPF:

Record type	: TXT
Name        : (yourdomain.com)
Record/Value: v=spf1 include:spf.mailtarget.co ~all
TTL   		: Default

Without parenthesis

Save the TXT configuration.

Or you can copy the value via the Email Sender Configuration page in the SPF section

Note

  1. In some DNS Managers you might be able to add SPF records directly without having to go through TXT. Thats because there are some DNS Managers that provide SPF records directly, some are just TXT. So, if your DNS Manager only provides TXT records, then you need to add SPF via TXT. If your DNS Manager provides SPF records, then you can add them directly through the SPF records.

  2. Dont make more than one TXT for SPF. However, you can add additional records in one configuration.

  3. In some cases, we need an additional configuration if indeed your domain has an additional configuration, like your domain that uses IPv4, A records and MX records. If you really need to install the configuration, add a record like the following v=spf1 ip4: xxx.xxx.xxx.xxx +a +mx include:spf.mailtarget.co ~all. This is an example of a TXT record for an incorrect SPF: v=spf1 include:spf.mailtarget.co ~all include:spf.(yourdomain).com ~all

So make sure the TXT record is only one line like the example above.

TXT configuration for DMARC

For DMARC configuration, it is not mandatory, because by default it is usually in some domains when you add an email sender. The DMARC status will generally immediately become valid. However, in some domains there needs to be further configuration which causes the DMARC status to be Not Valid. If the DMARC status that you get is Not Valid, then you need to add the DMARC configuration.

This is the TXT configuration for DMARC:

Record type 	: TXT
Name 			: _dmarc.(yourdomain.com)
Record/Value	: v=DMARC1; p=none; sp=none; aspf=r; rua=mailto:(email@example.com)
TTL 			: Default

Without parenthesis

Atau Anda dapat copy value melalui halaman Email Sender Configuration pada section DMARC

Note

  1. Fill email@example.com with the email you have. Not required to be the same as the email in the email sender list in the MTARGET app, because this email will be used as an email to receive delivery reports.
  2. Make sure that every time you configure a DMARC record, the p code must be none like p = none, because in DMARC there are 3 policies. Namely None policy (Email can be sent smoothly and safely), quarantine policy (Email can still be sent but the potential to enter the spam box is also large), reject policy (Email cannot be sent at all). If you enter a configuration record other than none, such as quarantine or reject, it is certain that your e-mail delivery will be interrupted.

Updating Domain Authentication Configuration

If you have previously authenticated a domain with Email Service Provider (ESP), make sure you only use 1 record. So, you only need to add the configuration as added above then delete the domain authentication configuration from ESP that you have previously used. Generally, the addition is only in the record / value column, not the Name. Because the Name contains the domain you are currently using.

Remember, only editing records. No need to add new records to update configuration

About Sender Notification

You can get notifications related to the email sender by checking here

If later there are changes in DNS Manager, you will also still get email notifications. If you don’t want to get notifications regarding domain authentication, you can simply uncheck it.

Domain Authentication Instructions

If you need help from the technical team for setting up the domain, you can fill in this section with your technical team email. Later here, we will send an instruction email for domain authentication

FAQ

Q: I feel I have configured correctly and successfully but the domain verification still has an error message A: If you think you’ve configured correctly, but the domain verification is still red, you don’t need to panic. Wait approximately 48 hours because the domain server needs time to recognize the record you just added.

Q: I have previously used another email service provider (ESP), which means I have configured SPF. Should I create a new TXT record again? A: If you have previously set SPF, then you do not need to add a new TXT Record.

Technically, you can open the in-apps instructions, and if your domain still has other configurations, our system will detect it and provide value that you can easily copy, like here

As in the picture, there we have provided a value that you can copy.

If you want to do it manually. Just add include:spf.mailtarget.co to the old Record. For example, you already have SPF setting v=spf1 include:spf.(your domain content).co ?all, then you just need to change it to add it to v=spf1 include:spf.(Your domain content) include:spf. mailtarget.co ~all without having to add a new Record.

Q: I need an example for SPF & DKIM configuration via another server domain, like Qwords or Cloudflare A: You can read our documentation for application on other server domains here

Q: How do I check if my record configuration is correct? A: To check it you can use whatsmydns.net or dnschecker.org to check if the setting is active. Here are the steps:

  1. In the example form, type your domain name.
  2. In the dropdown menu beside it, select CNAME to view CNAME status or TXT to view TXT status.
  3. Then click the Search button.

Later will appear whether your settings are correct, or not. If you are having trouble, contact us via Live Chat.

Q: Can I get a notification, if my sender domain is already valid? A: Yes. You simply do a checklist.

Was this article helpful?
Let's See How They Improved By Using Our Products
Learn how our customers increase their leads and revenue through personalization and many other features. Check their stories!
See Stories

Related tutorials

relate-post-icon Downgrade your subscription package
relate-post-icon How to get a tax invoice automatically
relate-post-icon Upgrading your subscription package
relate-post-icon Update ke Paket Enterprise atau Pay-As-You-Go
relate-post-icon Introducing MTARGET’s new pricing
relate-post-icon Two-Factor Authentication
relate-post-icon Two-Factor Authentication (2FA)
relate-post-icon Update MTARGET Integration - Google Analytics 4 & WordPress Plugin
relate-post-icon Purify - Email Validator
relate-post-icon Share Template Improvement
×

Subscribe

The latest tutorials sent straight to your inbox.