Setting up DMARC and DKIM
Learn what DMARC and DKIM are and how to set them up.
Lauren Gilbert
Last Update 7 maanden geleden
When you send out emails, ESPs (email service providers), such as Gmail, Outlook, Yahoo, etc., need to identify whether the message is a legitimate email sent from the owner of the domain name or email address, or a forged email sent by a spammer or phisher. Having proper authentication protocols set up are essential if you want to achieve high email deliverability.
Here’s a quick guide on what these protocols are and how to set them up respectively according to your email service provider:
DMARC (Domain-based Message Authentication, Reporting & Conformance) vs. DKIM (Domain Keys Identified Mail
DMARC is a standard that builds on top of SPF and DKIM. It allows the domain owner to create a policy that tells email service providers (ESPs) what to do if email fails SPF and DKIM check.
- Read more: Setting Up MX Records and SPF
DKIM, on the other hand, is essentially a signature any sender can apply to their email messages. Adding this digital signature to your emails ensures that the sender of the message is actually the sender of the message. The digital signature verifies that an email hasn't been altered during transit.
What’s the importance of DMARC and DKIM?
Having DMARC in place ensures only legitimate, authenticated emails from your domain are delivered by providing instructions to ESPs on handling failed authentication checks. This helps prevent spoofing, phishing, and safeguards your domain's reputation.
DKIM acts as a trust verification by validating the digital signatures, confirming the email was not modified during transit and originated from an authorized source. This builds trust with receiving servers and improves deliverability.
Is DMARC and DKIM required for Mailivery?
Although not mandatory, implementing DMARC and DKIM is highly recommended for Mailivery users. As an organic, peer-to-peer email warmup platform, Mailivery relies on a network of real users to gradually build up your sender reputation. Both DMARC and DKIM provide additional layers of authentication and security for your email. These work together to protect sender reputation, enhance trust, and ultimately contribute to better email deliverability during the warmup process.
Below are quick step-by-step guides on how to set up DMARC and DKIM according to your email service provider:
DMARC (Domain-based Message Authentication, Reporting & Conformance)
How to Set Up DMARC for Google:
- Log into your domain provider (GoDaddy, Namecheap, Cloudflare, etc).
- Locate the section specifically for DNS Management or Settings.
- In your DNS settings, add this TXT Record:
- Hostname: _dmarc
- Note: Some domain hosts automatically add your domain name to the end of the TXT record name. After adding the TXT record, you can verify the DMARC TXT record name here to make sure it's formatted correctly.
- VALUE (with email): v=DMARC1; p=none; rua=mailto:[email protected]
- This version will send reports to whatever email you put in there
- VALUE (no email): v=DMARC1; p=none; pct=90; sp=none
- This version creates records without the email for reports.
OPTIONAL: If you're struggling with creating your DMARC Record, we recommend using this DMARC record generator.
For additional information and support on how to set up DMARC for your Google Workspace account, check out Google’s guide here: Add your DMARC record | Google Workspace Admin Help.
How to Set Up DMARC for Microsoft:
- Log into your domain provider (GoDaddy, Namecheap, Cloudflare, etc).
- Locate the section specifically for DNS Management or Settings.
- In your DNS settings, add this TXT Record:
- Hostname: _dmarc
- Note: Some domain hosts automatically add your domain name to the end of the TXT record name.
- Time to Live (TTL) = Default or 3600/1 hour
- VALUE (with email): v=DMARC1; p=none; rua=mailto:[email protected]
- This version will send reports to whatever email you put in there
- VALUE (no email): v=DMARC1; p=none; pct=90; sp=none
- This version creates records without the email for reports.
OPTIONAL: If you're struggling with creating your DMARC Record, we recommend using this DMARC record generator.
For additional information and support on how to set up DMARC for your Microsoft account, check out Microsoft’s guide here: How to Set Up DMARC | Microsoft Learn.
DKIM (Domain Keys Identified Mail Authentication, Reporting & Conformance)
How to Set Up DKIM for Google:
Log into your Google Admin dashboard.
- On the left-hand side, navigate to Menu -> Apps -> Google Workspace -> Gmail.
- Scroll down to the Authenticate email section.
- Click on the Generate New Record button and copy the hostname and TXT record value.
- Create a DNS TXT Record with the DKIM Key generated in the previous step.
- Sign in to your domain provider (GoDaddy, Namecheap, Cloudflare, etc).
- Locate the section specifically for DNS Management or Settings.
- Input the values for the DNS TXT Record with the DKIM Key generated previously in step 5.
- Go back to your Google Admin dashboard and click on "Start authentication".
For additional information and support on how to set up DKIM for your Google Workspace account, check out Google’s guide here: Turn on DKIM for your domain | Google Workspace Admin Help.
How to Set Up DKIM for Microsoft:
- Log into your domain provider (GoDaddy, Namecheap, Cloudflare, etc).
- Locate the section specifically for DNS Management or Settings.
- In your DNS settings, create two CNAME records for each custom domain.
CNAME Record 1
- Hostname: selector1._domainkey
- Points to address or value (alias to): selector1-yourcustomdomain-com._domainkey.yourcustomdomain.onmicrosoft.com
- TTL: 3600
- Fill in the yourcustomdomain portion with your domain.
- Ex. For Mailivery.com: selector1-Mailivery-com._domainkey.Mailivery.onmicrosoft.com
- CNAME Record 2
- Hostname: selector2._domainkey
- Points to address or value (alias to): selector2- yourcustomdomain-com._domainkey. yourcustomdomain.onmicrosoft.com
- TTL: 3600 or 1 hour
- Fill in the yourcustomdomain portion with your domain.
- Ex. For Mailivery.com: selector2-Mailivery-com._domainkey.Mailivery.onmicrosoft.com
5. Log into the Office 365 Admin Portal.
6. On the left-hand side, navigate to Menu -> Admin -> Show all -> Exchange -> Protection -> DKIM.
7. Navigate to Yourdomain.com, then Authoritative, and then click on Enable.
- Ex. Mailivery.com -> Authoritative -> Enable .
For additional information and support on how to set up DKIM for your Microsoft account, check out Microsoft’s guide here: How to Set Up DKIM for Email | Microsoft Learn.
Keep in mind that each ESP may have their own process of setting up these authentication protocols, so it’s important to reach out directly to your individual providers to ensure accuracy and proper set up.