Spf Dkim Configuration

Owned by Jules DELEUZE (Unlicensed)
Last updated: Nov 13, 2019
8 min read

SPF & DKIM Authentication

SPF & DKIM are authentication systems that tell Internet Service Providers (ISPs), like Gmail and Yahoo, that incoming mail has been sent from an authorized system, and that it is not spam or email spoofing.

To set Mailjet as an authorized sender, you will need to setup your SPF & DKIM authentication for each of your sending domains. Once setup, SPF & DKIM will also help with your deliverability – meaning your emails have a better chance of being delivered to the recipient’s inbox and not their spam folder.

As you need to configure your domain for SPF & DKIM authentication, it can only be done on custom domains or domains that you own. It also means SPF & DKIM authentication cannot be done for free webmail accounts like Google, Yahoo, and Hotmail.

What’s the meaning of SPF (Sender Policy Framework)?

Haven’t we all received emails that seem to be from our bank, our credit card company or even from ourselves but they were fake emails? The way emails are structured, spammers can and often do falsify the ‘from email address’ to send these types of spoof / spam emails. This is where SPF comes into place!

Sender Policy Framework (SPF) is a validation system that allows ISPs and webmail servers (Gmail, Yahoo, etc) to check if the incoming mail has been sent from an authorized server. Using the IP address of the sending server and the DNS records of your domain, ISPs can check if the sending server is authorized. If email is coming from an unauthorized sender, the emails will be marked as spam!

How do I make Mailjet an authorized sender?

To set Mailjet as an authorized sender, you will need to customize your SPF record. It will only take a few minutes and you will find step-by-step instructions below.

What’s the meaning of DKIM?

The acronym DKIM stands for Domain Keys Identified Mail. It is an encryption authentication method that is used by many ISPs to establish if the email originated from an authorized system and prevents spammers from stealing the identity of legitimate entities.

How does it work exactly?

DKIM allows for a unique signature to be added to the message header for each email you send. This signature is specific for your domain and is generated by a private key. The corresponding public key is added to a DNS record for your domain.

When an email server receives your email, it checks the public key to determine if your private key was used to generate the email signature. If your private key was not used, the email is considered to be a phishing or spam attempt.

How does it work ?

 

What do I need to do?

You will need to customize your DNS records. Don’t worry, it will only take a few minutes and you can follow our step-by-step guide below.

Using a free webmail account (Google, Yahoo, etc) ?

Sorry to tell you this but it is not possible to customize the SPF & DKIM records for Gmail, Hotmail, Yahoo or any other free webmail accounts. You should consider using an email address linked to your website instead.

Setup Overview

To setup SPF & DKIM authentication for your domain, you will need access to your DNS records in your domain hosting account (GoDaddy, 1&1, HostGator, OVH, ….). If you cannot find, or do not have access to your DNS records, please contact your domain hosting provider for assistance.

In summary, to authenticate your domain, you will need to copy the SPF & DKIM values from your Mailjet account to setup SPF & DKIM DNS records in your hosting account.

Here is an example SPF record setup:

 

And an example DKIM record setup:

 

SPF & DKIM Values

For the domain you want to authenticate, click on [sliders] to view the SPF & DKIM values.

 

SPF & DKIM Authentication

Please keep your SPF & DKIM window open as you will need to copy information into your DNS records.

Figure 1. SPF Configuration

 

Figure 2. DKIM Configuration

DNS Records

Open a new window and log into your hosting account or where your DNS records can be accessed.

Go to the section where you can create and view your DNS records. (If you are unsure where to find your DNS records, please contact your hosting provider for assistance.)

For this example, we will be using a GoDaddy account. (For instructions on setting up DNS records for other common providers, please go to the Helpful Links section.)

 

Please keep in mind that your DNS records may have different labels and displays. But essentially every DNS has a name, value (data) and record type.

To setup your domain authentication, you will need a TXT DNS record for your SPF and one for your DKIM.

DNS Record for SPF

There are two main points to know about the SPF records:

  1. SPF record is a TXT record; not be confused with the SPF type. (Although the SPF type could be used, it is not recommended in the industry.)

  2. There is only one SPF record per domain. (If you have more than one SPF DNS record, ISPs will not know which one to use which may cause authentication issues.)

Go to your domain hosting account and view your current DNS records. If you see no SPF record, you will need to create a new record; otherwise you will edit the existing SPF record:

Create a new SPF Record

  • Add a new DNS record of type TXT

  • Copy the host name from your Mailjet page to the Host Field

     

    In some cases, the domain provider may already populate the host name with your domain name. Please just double check that host name ends with a period.

    To authenticate a subdomain, simply add the subdomain followed by a period to the start of the Host field.

     

     

     

    The @ can be used for authenticating sub-domains as well:

     

  • Copy the SPF value from your Mailjet page to the TXT Value Field. (Some providers may require double quotes around the value field. It is best to contact your provider for assistance if you are unsure.)

     

  • Save your record

Edit an existing SPF Record

In the case you already have an SPF record, simply add the include part of your SPF value to the SPF’s TXT value field, and save your changes.

In this example, copy include:spf.mailjet.com to the existing SPF record…​

 

And the new TXT value will be:

Once you have saved your SPF records, the last step is to check the DNS status from your Mailjet page.

DNS Record for DKIM

To setup DKIM authentication, you will be creating a new DKIM record. (Unlike SPF records, there are no issues with having multiple DKIM DNS records in your domain.)

From your domain hosting account, create a new DNS record of type TXT.

In the Host Field, add the value: mailjet._domainkey.yourdomain.com. (and replace yourdomain with the domain name you are authenticating.)

 

The second step is to copy the very long DKIM value into the TXT Value Field.

 

Please note that some domain providers may require double quotes " " around the entire TXT Value. (If you are unsure whether to add the quotes, please contact your provider’s support team for clarification).

Once you have saved your new DKIM record, the last step is to check the DNS status from your DNS entry.

Checking your DNS Status

Once you have completed and saved your SPF & DKIM records, jump back to your DNS entry view and click the activate button.

 

Once your domain has been authenticated, you will see the status turned to active state.

it may take up to 24 hours for your DNS changes to reach the Mailjet system.

If your domain is still not authenticated after 24 hours, please check our troubleshooting checklist below or contact your domain hosting provider for help.

Troubleshooting Checklists

Please review the summary checklists for your DNS records:

SPF

  • SPF is a TXT record

  • Only one SPF record for your domain

  • Host Name ends with a period

  • Depending on your domain hoster, double quotes may be needed around the TXT value

DKIM

  • DKIM is a TXT record

  • Multiple DKIM records can exist for your domain

  • Host Name ends with a period

  • Some providers may require double quotes around the TXT value

If your authentication is not working after 24 hours, please contact your domain host provider for assistance.

Helpful Links

Step-by-Step Guides on creating DNS records for:

Links on how to edit DNS records for: