How to authenticate your e-mail

Your guide to SPF, DMARC & DKIM

Image for post
Image for post
Photo by NeONBRAND on Unsplash
  • 3rd Party e-mail Admin Accounts (e-mail Blast Service [Mailchimp, ConstantContact, etc.], Additional Mail Server you might be using, etc.)
  • DKIM (DomainKeys Identified Mail): This will allow a server to send e-mails in your name while being authenticated to make sure it’s really you. For example, if you use MailChimp or ConstantContact for newsletter blasts and say it’s from ‘john@doecompany.com’, the e-mails will still be sent from MailChimp or ConstantContacts server. However, you verified with your Blast e-mail service that is indeed you and not someone pretending to be you. This is the most important one to set up correctly for businesses, as otherwise there will be a high bounce-back rate!
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Also an Anti-Spoofing mechanism that will work in conjunction with SPF. Having one or the other is ineffective — you will need both to be properly protected.
Image for post
Image for post
GoDaddy Manage Domains Dashboard Screenshot with Arrow pointing at Manage option. (1)
Image for post
Image for post
GoDaddy Domains Dashboard Screenshot with the arrow pointing at Manage Zones option. (1)
Image for post
Image for post
GoDaddy DNS Zone Editor Admin Dashboard Screenshot with Arrow pointing on the Add Option. (1)
Image for post
Image for post
GoDaddy Add DNS Entry Admin Dashboard Screenshot with button pointing at Save button and TXT as type, _dmarc as Host and the required value under TXT Value highlighted. (1)

Setting up SPF:

The SPF is the easiest to set up. You will need 2 things:

  1. The IP address of your e-mail server
Host: @ TXT Value: v=spf1 +a +mx +ip4:<ip of your e-mail server>~allTTL: 1 Hour
Image for post
Image for post
GoDaddy DNS Sample TXT Entry for the SPF settings as described above.

Setting up DKIM:

This is the most tedious of the three to set up and the most critical one. You will authenticate the 3rd party to send on behalf of your e-mail name, i.e. ‘john@doecompany.com’.

  1. For my e-mail newsletter blast service provider (ConstantContact in this case, it could easily be Mailchimp or someone else in your case).
Host: <provided by your 3rd party>._domainkeyTXT Value: v=DKIM1; k=rsa; p=<public key>TTL: 1 Hour
Image for post
Image for post
GoDaddy DNS Sample TXT Entry for the DKIM settings as described above.

Setting up DMARC:

Reminder: In order for the DMARC to do its job, you MUST setup SPF AND DKIM before. Because DMARC verifies SPF & DKIM settings and whether or not the sender suits these settings and is not a spoofer. If SPF & DKIM are not set up, DMARC won’t work and will result in rejected e-mails.

Host: _dmarcTXT Value: v=DMARC1;p=reject;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400TTL: 1 Hour
Image for post
Image for post
GoDaddy DNS Sample TXT Entry for the DMARC settings as described above.

Writing about all things related to WordPress, Web Design, Marketing & E-Commerce.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store