{"Status":true,"Message":"","Response":{"post":{"postuid":"u8890mowsx","tenantuid":"d8b744fc-2e70-4089-bb80-dd1d08f6c7b2","projectuid":"239698c5-f7eb-4574-8cc8-c6568f08b3a0","title":"Configuring SPF, DKIM and DMARC","slug":"article/u8890mowsx-configuring-spf-dkim-and-dmarc","html":"\u003Cp\u003EDailyStory makes use of modern email security features to ensure customer email is delivered on-time and placed in the inbox. This includes setting up a dedicated subdomain to send emails from separate from a customers main domain along with separate IPs associated with the subdomain.\u003C/p\u003E\u003Cp\u003EFor example, if your main domain is test.com use of DailyStory will require you to add several DNS records so that DailyStory can send your email on a subdomain such as email.test.com.\u003C/p\u003E\u003Ccite class=\u0022important\u0022\u003E\u003Cspan class=\u0022title\u0022\u003EImportant\u003C/span\u003E\u003Cp\u003EYou can find your account\u0027s DNS settings by following the instructions in the email setup article.\u003C/p\u003E\u003C/cite\u003E\u003Ch2 id=\u0022basic_overview_of_sending_domain_relationship\u0022\u003EBasic overview of sending domain relationship\u003C/h2\u003E\u003Cp\u003ESome email providers do not offer this and send email \u0022on behalf of\u0022. This happens when the sending domain and the from domain do not match. For example, sending an email from amy@test.com using a sending domain of email-list.eample.com. These emails may reach the inbox, but will be displayed to the recipient as:\u003C/p\u003E\u003Cp\u003Eamy@test.com on behalf of email-list.example.com\u003C/p\u003E\u003Cp\u003EIn this case, the sending domain email-list.example.com and the from domain test.com do not match. Modern mail systems such as Gmail may place the email in the inbox, but that cannot validate that amy@test.com was the actual sender.\u003C/p\u003E\u003Cp\u003EThis type of mismatch is often used in email phishing attacks to confuse the recipient.\u003C/p\u003E\u003Cp\u003EFor best \u003Ca href=\u0022/article/h02ufe59wn-troubleshooting-email-delivery\u0022\u003Eemail delivery\u003C/a\u003E results the sending and from domain should match and that match should be verifiable.\u003C/p\u003E\u003Ch2 id=\u0022sending_email_with_matching_domains\u0022\u003ESending email with matching domains\u003C/h2\u003E\u003Cp\u003EWhen setting up DailyStory you will be provided with \u003Ca href=\u0022/article/7hin3gw78p-mailgun-and-daily-story-integration\u0022\u003Eseveral records to add to your DNS\u003C/a\u003E. This includes 2 MX records, which simply tell email servers how to route email.\u003C/p\u003E\u003Cp\u003EAdditionally two TXT records are provided. These two TXT records, SPF and DKIM, allow email servers to validate that the sending domain and the from domain match, e.g. amy@test.com is allowed to send email from email.test.com.\u003C/p\u003E\u003Ch3 id=\u0022sender_policy_framework_spf\u0022\u003ESender Policy Framework (SPF)\u003C/h3\u003E\u003Cp\u003EThe \u003Ca href=\u0022https://en.wikipedia.org/wiki/Sender_Policy_Framework\u0022 target=\u0022_blank\u0022\u003ESender Policy Framework (SPF)\u003C/a\u003E is an email authentication method designed to detect forging sender addresses during the delivery of the email.\u003C/p\u003E\u003Cp\u003EAn example SPF record looks as follows:\u003C/p\u003E\u003Cp\u003E\u003Ccode\u003Ev=spf1 include:mailgun.org ~all\u003C/code\u003E\u003C/p\u003E\u003Cp\u003ESome email systems, such as Gmail, will also require an SPF record. An SPF record can support multiple sending domains:\u003C/p\u003E\u003Cp\u003E\u003Ccode\u003Ev=spf1 include:_spf.google.com include:mailgun.org ~all\u003C/code\u003E\u003C/p\u003E\u003Ch3 id=\u0022dkim_domainkeys_identified_mail\u0022\u003EDKIM (DomainKeys Identified Mail)\u003C/h3\u003E\u003Cp\u003E\u003Ca href=\u0022https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail\u0022 target=\u0022_blank\u0022\u003EDomainKeys Identified Mail\u003C/a\u003E is an\u0026nbsp;email authentication\u0026nbsp;method designed to detect forged sender addresses in email (email spoofing), a technique often used in\u0026nbsp;phishing\u0026nbsp;and\u0026nbsp;\u003Ca href=\u0022/article/can-spam-compliance-guide\u0022\u003Eemail spam\u003C/a\u003E.\u003C/p\u003E\u003Cp\u003EA DKIM record is associated with a subdomain, e.g. \u003Ccode\u003Emx._domainkey.mg\u003C/code\u003E, and looks as follows:\u003C/p\u003E\u003Cp\u003E\u003Ccode\u003Ek=rsa; p=MIGfAQtH1N8dyxzunS1WRfe\u002BQs6jYJ7NIXZM2Y7yPTbwzBXtTmiBJYEz...\u003C/code\u003E\u003C/p\u003E\u003Cp\u003EIt is possible to have multiple DKIM records associated with various subdomains.\u003C/p\u003E\u003Ch2 id=\u0022supporting_dmarc\u0022\u003ESupporting DMARC\u003C/h2\u003E\u003Cp\u003EAn optional step to protect your sending domain is to use DMARC. As of May 2025 DMARC is a requirement if sending to over 5,000 recipients in a day to Gmail, Yahoo, or Outlook/Hotmail recipients.\u003C/p\u003E\u003Ccite class=\u0022warning\u0022\u003E\u003Cspan class=\u0022title\u0022\u003EWarning\u003C/span\u003E\u003Cp\u003EConfiguring DMARC incorrectly will cause email delivery problems with modern email providers like Gmail. It is important to understand how to configure DMARC prior to enabling it.\u003C/p\u003E\u003C/cite\u003E\u003Ch3 id=\u0022dmarc_domainbased_message_authentication_reporting_and_conformance\u0022\u003EDMARC (Domain-based Message Authentication, Reporting and Conformance)\u003C/h3\u003E\u003Cp\u003E\u003Ca href=\u0022https://www.dailystory.com/glossary/dmarc/\u0022 target=\u0022_blank\u0022\u003EDomain-based Message Authentication, Reporting and Conformance\u003C/a\u003E is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.\u003C/p\u003E\u003Cp\u003EAn example DMARC policy looks as follows:\u003C/p\u003E\u003Cp\u003E\u003Ccode\u003Ev=DMARC1; p=quarantine; pct=100; rua=mailto:security@example.com\u003C/code\u003E\u003C/p\u003E\u003Cp\u003EA DMARC record is provided for you in \u003Ca href=\u0022/article/oyg4lgy7y0-setting-up-your-email-domain\u0022\u003EEmail Marketing Setup\u003C/a\u003E\u0026nbsp;specific to the subdomain that DailyStory sends your email on. However, you can further modify your DMARC record if needed.\u003C/p\u003E","publish_status":0,"post_type":"Article","authoruid":"3dde8c16-763a-4a2b-ae0b-1d8c50c62e3d","author":{"authoruid":"3dde8c16-763a-4a2b-ae0b-1d8c50c62e3d"},"featured_image_updating":false,"meta_description":"Ensure reliable email delivery with DailyStory using dedicated subdomains, SPF, DKIM, and DMARC for enhanced security and inbox placement.","display_toc":true,"has_workingcopy":false,"allow_indexing":true,"sort_order":30,"total_views":1109,"date_published":"2025-06-30T16:47:00","date_updated":"2026-04-01T18:22:25.58","date_created":"2025-04-24T15:02:35.03"}}}