SPF stands for "Sender Policy Framework". An SPF record is in place to identify which mail servers are authorized to send mail for a given domain. It is used to prevent spammers from sending mail with fraudulent From addresses in that domain.
Though many DNS editors allow for the creation of an SPF record, the SPF record must be entered as a TXT record in your domain's DNS settings create a TXT record. Enter:
Host/Name: @ (This means that the record is pointed at your own domain. Some editors will require the "@" symbol, some will require you to enter your own domain, and others will not let you enter anything. Every DNS Editor is different - you may need to contact your hosting provider for information on how to enter this record correctly)
Value: v=spf1 a mx include:_spf.elasticemail.com ~all
TIPS:Check to see if there are any other SPF records in your domain's DNS. There can only be one SPF record per domain, so if there is an existing record just add "include:_spf.elasticemail.com" to that record. Make sure you remove the quotes.
For example, if your domain already has the record: v=spf1 a mx include:_spf.google.com ~all, then you would just add: include:_spf.elasticemail.com
The final record would look like this: v=spf1 a mx include:_spf.google.com include:_spf.elasticemail.com ~all
If you're still not able to verify the SPF record, make sure to check common SPF errors article.
DKIM stands for "DomainKeys Identified Mail". They allow receiving servers to confirm that mail coming from a domain is authorized by the domain's administrators.
Create a TXT record. Enter:
TIPS:DNS settings can have as many DKIM records as needed.
In some DNS settings, the Host/Name field may require you to enter "api._domainkey.yourdomain.com", replacing your domain with your actual domain.
Elastic Email "tracks" opens, clicks, unsubscribes, etc. To do that we must rewrite links and use web pages. Setting up a "tracking domain" brands these rewritten links and pages with your own domain.
Create a CNAME record. Enter:
*Elastic Email system will look for either "tracking" or "email" automatically. If another CNAME is used please contact support to get it validated.
**If you're using Cloudflare as your host, you need to disable it for that particular record by clicking the "cloud" icon.
We strongly recommend using our DMARC Generator - it will help you create DMARC record suited for your domain.
Domain-based Message Authentication, Reporting & Conformance is an email authentication protocol that is built on top of SPF and DKIM protocols. SPF and DKIM are prerequisites of DMARC and must be in place before setting up a DMARC policy.
A DMARC policy allows a sender to indicate that their emails are signed by SPF and DKIM and tells a receiver what to do if neither of those authentication methods passes – such as junk or bounce the email. DMARC removes the guesswork from the receiver’s handling of these failed emails, limiting or eliminating the user’s exposure to potentially fraudulent & harmful emails. DMARC also provides a way for the email receiver to report back to the sender about emails that pass and/or fail DMARC evaluation.
Note there is no specific configuration needed in Elastic Email besides ensuring that your SPF and DKIM are both valid. Further, a DMARC policy on your domain(s) will affect all of your email sending from that domain (not just the mail you are sending through Elastic Email) so you need to ensure you are using SPF and DKIM for all your email delivery. For more information please click here.
The following are example DMARC TXT entries to set up on your domain(s) DNS.
Option 1- Setup your DMARC policy to simply notify you of mail that is not passing SPF and DKIM
Option 2- When you are no longer receiving negative reports, change your DMARC policy to quarantine which will not necessarily bounce email, but indicate to the recipient server they should consider quarantining it (junk or spam folder).
Option 3- When you are satisfied that you are validating all the email from your domain(s) with SPF and DKIM change the policy to reject which will bounce the emails that do not pass SPF and DKIM validation.
Please click here to view a list of the most popular tags available for your DMARC policy as above are only examples.
For most users, you will not be adding or changing any MX records in your domain's DNS. The only reason why you would change or add an MX record for use with Elastic Email is if you are using Inbound Email Notifications which are webhooks that are part of our HTTP API. Otherwise, this will give you a green check mark if you have an existing MX record that is used for directing mail to your own mail server. If it does not give you a green check mark when you do not have any MX records for your domain. This is OK - it is not required and all it means is that you do not currently have a mail server setup for your domain.
Go to your Settings >> Domains screen.
Add your domain (yourdomain.com). Click "Verify".
Green check marks mean that the record has been added correctly.
7. Default Domain
When there is a default domain set on the account, if an email is sent from a non-verified domain (firstname.lastname@example.org for example) then the emails are still branded using the default domain. If there is no default domain set, and an email is sent from a non-verified domain then elasticemail.com is used. Also, if a default domain is set, then sub-accounts will inherit the ability to use the default verified sender domain on the main account.