Dashboard
Edit Article Logout

Configuring SPF, DKIM and DMARC


DailyStory makes use of modern email security features to ensure customer email is delivered on-time and placed in the inbox. This includes setting up a dedicated subdomain to send emails from separate from a customers main domain along with separate IPs associated with the subdomain.

For example, if your main domain is test.com use of DailyStory will require you to add several DNS records so that DailyStory can send your email on a subdomain such as email.test.com.

Basic overview of sending domain relationship

Some email providers do not offer this and send email "on behalf of". This happens when the sending domain and the from domain do not match. For example, sending an email from amy@test.com using a sending domain of email-list.eample.com. These emails may reach the inbox, but will be displayed to the recipient as:

amy@test.com on behalf of email-list.example.com

In this case, the sending domain email-list.example.com and the from domain test.com do not match. Modern mail systems such as Gmail may place the email in the inbox, but that cannot validate that amy@test.com was the actual sender.

This type of mismatch is often used in email phishing attacks to confuse the recipient.

For best email delivery results the sending and from domain should match and that match should be verifiable.

Sending email with matching domains

When setting up DailyStory you will be provided with several records to add to your DNS. This includes 2 MX records, which simply tell email servers how to route email.

Additionally two TXT records are provided. These two TXT records, SPF and DKIM, allow email servers to validate that the sending domain and the from domain match, e.g. amy@test.com is allowed to send email from email.test.com.

Sender Policy Framework (SPF)

The Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email.

An example SPF record looks as follows:

v=spf1 include:mailgun.org ~all

Some email systems, such as Gmail, will also require an SPF record. An SPF record can support multiple sending domains:

v=spf1 include:_spf.google.com include:mailgun.org ~all

DKIM (DomainKeys Identified Mail)

DomainKeys Identified Mail is an email authentication method designed to detect forged sender addresses in email (email spoofing), a technique often used in phishing and email spam.

A DKIM record is associated with a subdomain, e.g. mx._domainkey.mg, and looks as follows:

k=rsa; p=MIGfAQtH1N8dyxzunS1WRfe+Qs6jYJ7NIXZM2Y7yPTbwzBXtTmiBJYEz...

It is possible to have multiple DKIM records associated with various subdomains.

Supporting DMARC

An optional step to protect your sending domain is to use DMARC. As of May 2025 DMARC is a requirement if sending to over 5,000 recipients in a day to Gmail, Yahoo, or Outlook/Hotmail recipients.

Warning

Configuring DMARC incorrectly will cause email delivery problems with modern email providers like Gmail. It is important to understand how to configure DMARC prior to enabling it.

DMARC (Domain-based Message Authentication, Reporting and Conformance)

Domain-based Message Authentication, Reporting and Conformance is an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.

An example DMARC policy looks as follows:

v=DMARC1; p=quarantine; pct=100; rua=mailto:security@example.com

A DMARC record is provided for you in Email Marketing Setup specific to the subdomain that DailyStory sends your email on. However, you can further modify your DMARC record if needed.


How helpful was this article?

πŸ‘ or πŸ‘Ž

Related Articles