NOTE: This article is intended at those setting up newly registered domains, if you run into any issues getting setup with SPF, DKIM, and DMARC we suggest looking into the help articles provided by your Email Service Provider/Domain Provider in order to resolve unforeseen issues while getting setup. While this guide will allow most users to get setup, we are limited in our ability to help troubleshoot specific issues related to this. We do NOT recommend following this guide specifically if you are unfamiliar with how DNS/Security protocols are implemented and instead recommend you look into the setup articles written by your providers.
SPF, DKIM and DMARC are ways to authenticate your mail server and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorized to send email. To maximize your deliverability rates, you will need to make sure that all 3 of these settings are implemented under your DNS.
SPF
To configure SPF for your domain, you will need to add the following record to your DNS settings.
For Google:
Type: TXT Record
Host: @
Value: v=spf1 include:_spf.google.com ~all
TTL: Automatic
For Outlook
Type: TXT Record
Host: @
Value: v=spf1 include:spf.protection.outlook.com -all
TTL: Automatic
DKIM
For Google:
For the official documentation, please refer to Googles Help Section
In order to activate DKIM for your Gmail account, you will need to navigate to Google's Admin console and enable Authenticate email. Please note that you will also need to have access to your domains DNS settings in order to perform this. To get started
Step 1: Login to your Google Admin Panel
Navigate to this link and sign into your admin account. You will be greeted by this dashboard. Select Apps
Then select Google Workplace
Then select Gmail.
Then select Authenticate Email.
This will bring you to a page where you can generate a record to enter into your DNS settings to activate DKIM.
Once you have entered this information into your domains DNS settings, click on Start Authentication. Note that DNS takes time to propagate so this may take a few minutes of trying before it starts.
For Microsoft:
For the official documentation, please refer to Microsoft's Documentation.
In order to enable DKIM under your Microsoft account, you will need to sign into the Microsoft 365 admin center under your Admin account. Please note that you will also need to have access to your domains DNS settings in order to perform this. To get started
Step 1: Add CNAME Records
Before you can activate DKIM under your settings, you will need to publish 2 CNAME records under the DNS settings of the domains associated with the inboxes. Keep note that you will need to replace out domainGUID and initialDomain with your own values.
Your domainGUID value will be your domain address with the period replaced with a dash. So instead of acme.com, your domainGUID would be acme-com
Your initialDomain is the domain that you used when you signed up for Microsoft 365. Initial domains always end in onmicrosoft.com. So instead of acme.com, your initialDomain value would be acme.onmicrosoft.com
Record 1:
Type: CNAME
Host name: selector1._domainkey
Points to address or value: selector1-<domainGUID>._domainkey.<initialDomain>
TTL: 3600
Record 2:
Type: CNAME
Host name: selector2._domainkey
Points to address or value: selector2-<domainGUID>._domainkey.<initialDomain>
TTL: 3600
Your final CNAME Records should look something like this.
Step 2: Log into your Microsoft 365 Admin account.
Once you have logged in, you should be greeted by the Office 365 dashboard. Click into the admin button (Note if you utilize Outlook through Godaddy your dashboard will be setup slightly differently)
Once you have navigated to the Microsoft admin center, click on the three dash icon to open up the side navigation bar. From here, click on the Show All button.
From here, click on "Exchange"
This will bring up the Exchange Admin center in a new tab. From here, click on the Protection setting.
Then select the DKIM section of this page.
This page will then display all domains under this account with details regarding their DKIM status. From here, select your domain, then select "Enable"
If you set your 2 CNAME records correctly, this should toggle on and you are all set.
Please note that if you have not configured your CNAME records correctly, you will get an error message indicating this so you will need to double check that these settings are correct.
DMARC
Note: Before you begin setting up DMARC, you MUST have your SPF and DKIM setup properly and working before going any further setting this up. DMARC works in conjunction with SPF and DKIM in order to add an extra layer of authentication to your outgoing mail and depends on these two systems to work.
DKIM and SPF should be authenticating messages for at least 48 hours prior to you establishing this record.
For Google:
For the official documentation on DMARC please refer to Google's Help Center Page on the subject
To establish DMARC for your Google account, you will need to enter the following record into your DNS settings.
Type: TXT Record
Host: _dmarc.{{Your domain}}
Value: v=DMARC1; p=none; rua=mailto:dmarc-reports@{{Your_Domain}}
TTL: 3600
If you need to adjust how incoming mail is handled for your particular domain, please refer to the official documentation linked above for more information on how to do this.
For Microsoft:
For the official documentation on DMARC please refer to Microsoft's Help Center Page on the subject
To establish DMARC for your Microsoft account, you will need to enter the following record into your DNS settings.
Type: TXT Record
Host: _dmarc.{{Your domain}}
Value: "v=DMARC1; p=none"
TTL: 3600
Your DMARC record should look similar to this.
If you need to adjust how incoming mail is handled for your particular domain, please refer to the official documentation linked above for more information on how to do this.