SPF, DKIM & DMARC Domain Authentication Guide
There are several steps you must take to set up the authentication of your email sender domain. This step is needed to maintain email deliverability, and your email reputation is in good condition, because these 3 things can affect your delivery if not done immediately.
In this article you will learn how to configure domain verification so that you can send marketing emails. In general, all steps to configure domain verification are almost the same on multiple server domains.
Notes: In the configuration there will also be steps for setting DMARC. Generally, DMARC is optional. Only SPF and DKIM are mandatory. However, if your configuration later requires DMARC settings, you can use the values we have provided.
We have provided a video tutorial to make it easier for you to set up your domain.
How to authenticate domains
Here are the steps you need to do:
- Enter the Email Marketing menu, then select Manage Sender.
- If you haven’t added an email sender, you can add it first and then to do confirm email. You need to confirm the email sender first before doing DNS Configuration:
After you confirm the email sender, instructions regarding DNS Configuration will appear
Or you can access the email sender validation page via the manage sender page, in the domain validation action
On the “Manage Sender” page, it will appear as follows.
Click on the DNS Instruction button. Here you will get instructions for setting SPF, DKIM and DMARC. Here we have provided a value containing your domain. You can simply copy the value of each record to the DNS Manager.
Open a new tab in your browser, then open the DNS Manager of the domain you are using to start adding SPF, DKIM and DMARC configurations.
Note Domain providers use a different name for the page where you will update the DNS Record, such as cPanel, Zone Editor, Zone File Settings, Manage Domains, Domain Manager, DNS Manager, and many more. If you want to see the DKIM SPF configuration on another domain server, you can read our documentation here.
Configuration for DKIM
You can customize DKIM configuration using CNAME or TXT using the dropdown provided
This is an example of CNAME configuration to set DKIM authentication. On some domain servers it might look different like the label name, column etc. Because each DNS provider has different settings.
This is the CNAME configuration for DKIM:
Record type : CNAME Record Name : mt1._domainkey.(yourdomain.com) Record/Value: dkim.mailtarget.co TTL : Default
Save CNAME configuration.
If DNS Management in your servers domain cannot add the
dkim.mailtarget.co Record, contact your domain server because in some domains the old server does not provide the option to provide a Record. So you cannot add the
TXT configuration for SPF
Following is an example of the TXT record for SPF that you will add. As mentioned before, some display labels, columns and others may look different but function more or less the same.
This is the TXT configuration for SPF:
Record type : TXT Name : (yourdomain.com) Record/Value: v=spf1 include:spf.mailtarget.co ~all TTL : Default
Save the TXT configuration.
Or you can copy the value via the Email Sender Configuration page in the SPF section
In some DNS Managers you might be able to add SPF records directly without having to go through TXT. Thats because there are some DNS Managers that provide SPF records directly, some are just TXT. So, if your DNS Manager only provides TXT records, then you need to add SPF via TXT. If your DNS Manager provides SPF records, then you can add them directly through the SPF records.
Dont make more than one TXT for SPF. However, you can add additional records in one configuration.
In some cases, we need an additional configuration if indeed your domain has an additional configuration, like your domain that uses IPv4, A records and MX records. If you really need to install the configuration, add a record like the following
v=spf1 ip4: xxx.xxx.xxx.xxx +a +mx include:spf.mailtarget.co ~all. This is an example of a TXT record for an incorrect SPF:
v=spf1 include:spf.mailtarget.co ~all include:spf.(yourdomain).com ~all
So make sure the TXT record is only one line like the example above.
TXT configuration for DMARC
For DMARC configuration, it is not mandatory, because by default it is usually in some domains when you add an email sender. The DMARC status will generally immediately become valid. However, in some domains there needs to be further configuration which causes the DMARC status to be Not Valid. If the DMARC status that you get is Not Valid, then you need to add the DMARC configuration.
This is the TXT configuration for DMARC:
Record type : TXT Name : _dmarc.(yourdomain.com) Record/Value : v=DMARC1; p=none; sp=none; aspf=r; rua=mailto:(firstname.lastname@example.org) TTL : Default
Atau Anda dapat copy value melalui halaman Email Sender Configuration pada section DMARC
- Fill email@example.com with the email you have. Not required to be the same as the email in the email sender list in the MTARGET app, because this email will be used as an email to receive delivery reports.
- Make sure that every time you configure a DMARC record, the
pcode must be none like
p = none, because in DMARC there are 3 policies. Namely None policy (Email can be sent smoothly and safely), quarantine policy (Email can still be sent but the potential to enter the spam box is also large), reject policy (Email cannot be sent at all). If you enter a configuration record other than none, such as quarantine or reject, it is certain that your e-mail delivery will be interrupted.
Updating Domain Authentication Configuration
If you have previously authenticated a domain with Email Service Provider (ESP), make sure you only use 1 record. So, you only need to add the configuration as added above then delete the domain authentication configuration from ESP that you have previously used. Generally, the addition is only in the record / value column, not the Name. Because the Name contains the domain you are currently using.
Remember, only editing records. No need to add new records to update configuration
About Sender Notification
You can get notifications related to the email sender by checking here
If later there are changes in DNS Manager, you will also still get email notifications. If you don’t want to get notifications regarding domain authentication, you can simply uncheck it.
Domain Authentication Instructions
If you need help from the technical team for setting up the domain, you can fill in this section with your technical team email. Later here, we will send an instruction email for domain authentication
Q: I feel I have configured correctly and successfully but the domain verification still has an error message A: If you think you’ve configured correctly, but the domain verification is still red, you don’t need to panic. Wait approximately 48 hours because the domain server needs time to recognize the record you just added.
Q: I have previously used another email service provider (ESP), which means I have configured SPF. Should I create a new TXT record again? A: If you have previously set SPF, then you do not need to add a new TXT Record.
Technically, you can open the in-apps instructions, and if your domain still has other configurations, our system will detect it and provide value that you can easily copy, like here
As in the picture, there we have provided a value that you can copy.
If you want to do it manually. Just add
include:spf.mailtarget.co to the old Record. For example, you already have SPF setting
v=spf1 include:spf.(your domain content).co ?all, then you just need to change it to add it to
v=spf1 include:spf.(Your domain content) include:spf. mailtarget.co ~all without having to add a new Record.
Q: I need an example for SPF & DKIM configuration via another server domain, like Qwords or Cloudflare A: You can read our documentation for application on other server domains here
Q: How do I check if my record configuration is correct?
A: To check it you can use
dnschecker.org to check if the setting is active. Here are the steps:
- In the example form, type your domain name.
- In the dropdown menu beside it, select CNAME to view CNAME status or TXT to view TXT status.
- Then click the Search button.
Later will appear whether your settings are correct, or not. If you are having trouble, contact us via Live Chat.
Q: Can I get a notification, if my sender domain is already valid? A: Yes. You simply do a checklist.