Domain Verification Setup

To engage customers through email marketing, you need to set up domain authentication. Domain authentication methods improve your sender reputation and deliverability, helping your bulk emails pass inbox providers’ spam filters.

There are three main methods: SPF, DMARC, and DKIM. They are usually implemented as TXT records (a type of DNS record that holds human-readable text) in your domain’s DNS settings.

All three records should be included to ensure the highest email security and deliverability.

SPF (Sender Policy Framework)

An SPF record contains a list of all the email providers authorized to send emails using your domain. The receiving inbox provider checks your SPF record to see whether the sender is authorized by your domain.

Setup

Here is the guide to setting up an SPF record for the “cortex” domain. SPF settings (like DKIM and DMARC settings) are highly provider-dependent, but the general process goes as follows:

Access your DNS settings and create or edit your SPF record. To find out whether an SPF record already exists, look for a TXT record starting with “v=spf1”. An SPF record looks like this:

v=spf1 mx include:examplesender.email ~all

To add Cortex as an email provider, add it to the record with the “include” statement. The resulting record for the cortex domain should look like this:

v=spf1 mx include:_spf.cortex.cz ~all

Even if you use multiple providers, your domain must have only one SPF record! Add each provider to that single record with its own “include” statement.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC establishes a domain policy to deal with emails that fail DKIM and/or SPF checks. Therefore, in order to have a functioning DMARC record, you need both DKIM and SPF records.

Including a DMARC record in your DNS is highly advised. Some inbox providers (most notably Google) require a DMARC policy for the sender’s marketing emails to pass their spam filter.

Setup

Here is a guide to setting up a DMARC record for the “cortex” domain:

Access your domain’s DNS settings.

Create a TXT record in your DNS. An example looks like this:

Name Type Content
_dmarc.example.com TXT v=DMARC1; p=none; sp=none;

“example.com” stands for your domain. “p” can be set to:

  • p=none (even if “your” email fails the DKIM and SPF checks, you still recommend delivering it)
  • p=quarantine (if the email fails the checks, it should go to spam)
  • p=reject (if the message fails the checks, the receiver is advised to reject it)

“sp” specifies the policy that applies to all your subdomains.

To properly set up a DMARC policy for the cortex domain, use the following record:

v=DMARC1; p=none; sp=none;
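
An added example (not part of the original guide and not Cortex tooling): a small Python check to run on your TXT records before publishing them. It flags duplicate SPF records, a missing “include” for the provider, and DMARC policy values other than none, quarantine, or reject. The function names and sample records are constructed for illustration.

```python
# Added example: lint SPF and DMARC TXT records before publishing them.
# Function names and sample records are constructed for illustration.

VALID_DMARC_POLICIES = {"none", "quarantine", "reject"}


def lint_spf(txt_records, required_include):
    """Return problems found among all TXT records of one domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record found"]
    if len(spf) > 1:
        # Several v=spf1 records make SPF evaluation end in a permanent error.
        return [f"{len(spf)} SPF records found; merge them into one"]
    if f"include:{required_include}".lower() not in spf[0].lower().split():
        return [f"missing include:{required_include}"]
    return []


def lint_dmarc(record):
    """Return problems found in the TXT record published at _dmarc.<domain>."""
    pairs = [tuple(s.strip() for s in part.split("=", 1))
             for part in record.split(";") if "=" in part]
    tags = {key.lower(): value for key, value in pairs}
    problems = []
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("record must start with v=DMARC1")
    if "p" not in tags:
        problems.append("missing required p= tag")
    for tag in ("p", "sp"):
        if tag in tags and tags[tag].lower() not in VALID_DMARC_POLICIES:
            problems.append(f"invalid {tag}={tags[tag]}")
    return problems


if __name__ == "__main__":
    # Constructed input: two SPF records published by mistake.
    print(lint_spf(["v=spf1 mx ~all", "v=spf1 include:_spf.cortex.cz ~all"],
                   "_spf.cortex.cz"))
    # The records from this guide.
    print(lint_spf(["v=spf1 mx include:_spf.cortex.cz ~all"], "_spf.cortex.cz"))
    print(lint_dmarc("v=DMARC1; p=none; sp=none;"))
    # Constructed input: a policy value that receivers do not recognize.
    print(lint_dmarc("v=DMARC1; p=rejection; sp=none;"))
```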

DKIM (DomainKeys Identified Mail)

DKIM works as a cryptographic digital signature in the email’s header. It is verified by a DNS record with two parameters: a public key and a selector. Upon receiving your email, the receiving ESP retrieves the public key from your DNS. If the key verifies the signature, the email passes the DKIM validation check.

Setup

Here’s the guide to setting up a DKIM record for the “cortex” domain:

Add the DKIM record to your domain’s DNS settings by creating a TXT record. An example DKIM record looks like this:

Name Type Content
loremipsum._domainkey.domain.tld TXT v=DKIM1; p=76E629F05X708EF665553333EEC3F5AE69B2362BECM40658267AB2FC3CB6CBE

“loremipsum” stands for your specific selector, and “domain.tld” is your domain. Everything after “p=” is the public key (in encoded text form).

Go to your ESP and enable DKIM. This is provider-dependent.

For the “cortex” domain, create the following record (dkim._domainkey.domain.com goes in the “Name” column):

dkim._domainkey.domain.com IN CNAME dkim._domainkey.cortex.cz

Here, domain.com is your domain name.

Cortex must confirm the domain name after it is set on your side!

Each sender domain needs its own DKIM record.

Final Note

These three records get your email message “accepted” by receiving providers, but they do not necessarily deliver it to the inbox. Many different spam filters scan and evaluate your email content afterward.