Email authentication proves your messages aren’t forged. The two most common methods are:
SPF (Sender Policy Framework): Let's mailbox providers verify that the server sending mail for your domain is authorized.
DKIM (DomainKeys Identified Mail): Cryptographically signs your mail so receivers can confirm it was sent by (and not altered after leaving) your domain.
You will need: Access to your DNS (e.g., GoDaddy, Cloudflare, cPanel, Namecheap).
For detailed instructions, please check our instructions video:
Step 1: Add DKIM (TXT record)
Create a TXT record in your DNS:
Record Type:
TXT
Host / Name:
em._domainkey
Value (TXT): v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC75RQss0FsR1dIiQ8fJwD8RJlktEdllRbjHKZcMv8GBnCSqoyNzjuoA6Xn3sJkIw6ZR9eB4hiz1yEdJSVsQKnOCzfLfPFqFbC5z6fBNJ6h/JNHNkcRTaiSwQXxvtP4jpBRbzOoK8rxSDwvPITLhh63xgXomiGYmaMsWkIvVfBnhQIDAQAB
Notes
Some DNS UIs auto-append your domain. If asked for the full host, enter
em._domainkey.yourdomain.com
.Keep it as a single line (no extra spaces/quotes).
Step 2: Add/Update SPF (TXT record)
If you do not have an SPF record yet, create:
Record Type:
TXT
Host / Name:
@
Value (TXT): v=spf1 include:spf1-srvs.em01.net ~all
Note: If you already have an SPF record, just add "include:spf1-srvs.em01.net" to the existing SPF record.
Example: Let's say you have the following SPF record: v=spf1 +a +mx +ip4:122.133.144.155 include:spf.test.com ~all
After adding "include:spf1-srvs.em01.net" to the existing SPF record, you should have v=spf1 +a +mx +ip4:122.133.144.155 include:spf.test.com include:spf1-srvs.em01.net ~all
Propagation: DNS changes can take time. It may update in minutes, but allow up to 24 hours (sometimes 48 with certain providers) before everything turns green. Avoid sending until checks pass.