Picto Dropcontact - demi rond jaune et vertPicto Dropcontact - Shapes droite

[TUTO] Opening rate > 70% thanks to your domain settings

Configure SPF, DKIM and DMARC to optimize email deliverability

If you are in a Marketing or Sales team, email prospecting may be one of your favorite channels!

You know all the best practices for writing a good prospecting email, but something still bugs you? Your deliverability rate and your opening rate are lagging! 😡

⚠️ Spoiler alert: neither will ever reach 100%.

On the other hand, 4 essential topics can help you approach them: Custom Domain, SPF, DKIM, and DMARC.

gif orange

We'll explain what they are, but especially how to set them up! Follow the guide 😁

Dropcontact has created the tool to simply audit your email domain 🔥

Just enter your email domain in the audit tool your email and you automatically receive the diagnosis by email!

Enjoy 🎁

Protocoles SPF, DKIM, MARC... What's that ? 🤔

Before you get your elbow grease, a little general knowledge. 🤓


What's a Tracking Custom Domain, and why setting it up?

tell me more

To understand this, you need to know how the tracking of email openings works at the base.

The opening acknowledgment works in the same way for all emailing services: a small invisible tracking pixel is stored in each email. As soon as the recipient opens the email, he downloads this pixel. So, you receive a notification when the recipient has opened the email.

If you do not configure your custom domain, this small pixel is hosted on a shared server of the emailing solution you use. However, among these people, there are inevitably spammers and other black hats! 😈

The problem is that when a mailbox receives an email with an acknowledgment pixel hosted on a server with a bad reputation (and you can't do anything about it), your email can end up in spam/promotions, etc.

And this principle is the same when you have clickable links in your mails: the mailboxes automatically create redirection links hosted in shared servers....

... EXCEPT if you configure your Custom Domain!

You will have understood it: configuring your custom domain is an obligation to have a good deliverability and a reasonable opening rate 😜

How to configure custom domain tracking?

Here is how to configure the Custom Domain using the example lemlist.

At your domain host (GoDaddy, Namecheap, Gandi, OVH, etc.), go to:

Settings > Concerned domains DNS Management > add record :

  • Type: CNAME
  • Subdomain name: track
  • Value: custom.lemlist.com
  • TTL: default

When you have registered the CNAME (and waited between 1h and 48h depending on your host), find the Custom Domain section in the settings of your email platform.

custom domain

...Enter the CNAME that you have generated at your host and your domain. You can check if it works by simply copying and pasting the domain into your browser.

We show you the same approach on the hosting side in this article for OVH, Gandi, GoDaddy, 1&1, and Namecheap 😜.

The SPF protocol

SPF (Sender Policy Framework) is a protocol that guarantees and certifies the original IP of an e-mail. It tells the recipient servers which IP addresses are allowed to send emails from you.

The SPF protocol, therefore, protects your identity, reputation, and emails from spam.

DKIM protocol?

DKIM (DomainKeys Identified Mail) is a cryptographic authentication standard for email. 🤓

Translation: DKIM is a digital signature that ensures that emails are sent completely: sender verified, content not altered.

This DKIM protocol effectively fights against interception and/or modification of a message when it is sent (you may have heard of "man-in-the-middle" attacks).

The DMARC protocol: the last step to ensure the good deliverability of your emails

DMARC (Domain-based Message Authentication Reporting and Conformance) standardizes the way recipients perform email authentication using SPF and DKIM mechanisms.

DMARC allows you to:

  • make sure that no illegitimate address spoofing occurs on your domain name
  • improve email deliverability: legitimate emails from your domain are more likely to arrive in your inbox.

Before you start: get the necessary information from your email provider 📨

Most emailing services will accompany you to :

  • generate an SPF record
  • generating a DKIM key
  • generating a DMARC record

For the SPF record

For DKIM keys

For DMARC recordings, the whole process is available on Google support.

Your email provider does not support the creation of records? 😢

No panic! There are generators online:

For the SPF record

For the DKIM standard

For the DMARC standard

For the rest, it's done on the side of your domain host (OVH, Gandi, GoDaddy, Ionos, etc.) 👇

Let's go! 🤓

cat gif

Google Workspace (ex GSuite: SPF, DKIM et DMARC configuration

⚠️ Google Workspace (ex Gsuite) is an emailing service, not a domain host. But since many of you use this service to do cold emailing, we'll make an exception and show you in detail how to retrieve the records you need!

Google Workspace (ex GSuite): Generate your SPF record

You must be an administrator of the GoogleWorkspace (ex GSuite) account

The first thing to do is to go into the settings on the side of his host. The path varies significantly depending on the host, but generally, the approach is as follows:

Settings > My Domains > DNS Management > Add DNS

Once arrived here, there are 2 cases 🧐 .

You already have an SPF record with your domain host.

In this case, you must include this text in the DNS record:


include:_spf.google.com

Where? just before the termination mechanism (~all or -all or ?all) in the SPF record. You will get something like this:


v=spf1 a include:_spf.google.com ~all

There is no SPF registration with your host.

Then create one! To create an SPF record, go to the DNS settings of your web host and create a record with these settings :

  • Type: TXT
  • Host/Name/Alias: @
  • Time To Live (TTL): default
  • Record value: v=spf1 include:_spf.google.com ~all

v=spf1 a include:_spf.google.com ~all

It usually takes 48 hours for the new SPF record to be considered.

🧐 For more information, visit Google Help on SPF records

For DKIM, it's almost as simple: you need to generate the DKIM key on Google Workspace (ex GSuite) and then publish it to your domain host. But before doing so, consider generating a CNAME record on the side of your host.

You must be a super-administrator of the Google Workspace (ex GSuite) account for this step.

To create a DKIM record, you must first have created a CNAME record.

The first step is to create the DKIM key for your domain. First, log in to Google Admin go to the Gmail area of Google Workspace (ex Gsuite):

google admin

Then, scroll down a bit and click on Authenticate email, choose the domain and click on Generate new record:

new record

Once in Generate New Record :

  • Selecting the number of bits: choose 1024 by default (not all hosts are compatible 2048 → contact them directly for more information)
  • Prefix selector: keep "google" unless you already have an active DKIM key that includes "google".

Then click on Generate and... here you go! Here is your DKIM key:

dns host name

It is these 2 pieces of information (DNS hostname and TXT record value) that you will need on the host side to create the DKIM record!

At your web host, the path to copy/paste your key is often the same: Settings > My Domains > DNS Management > Add DNS

Please note that the authentication with your host can take up to 48 hours. Authentication is effective as soon as" Authentication email ✅" is displayed in the Authenticate email tab:

authenticate email
More information on the Google support 😉

Google Workspace (ex Gsuite: configuer your DMARC)

Before you start implementing DMARC, make sure that SPF and DKIM are properly configured.

In your hosting provider's settings, go to Add DNS record and click Add Record. Fill in the following fields:

  • Type: TXT
  • DNS hostname: _dmarc.example.io (replace "example.io" with your domain)
  • Value:

v=DMARC1; p=none; rua=mailto:votreadresse@exemple.com

(replace "exemple@exemple.io" by your email)

It is advisable to deploy the DMARC standard progressively using the p and pctvariables. Full details at the bottom of the Google support page 😉

Verify that SPF, DKIM, and DMARC registrations are working

Once you have configured your DNS records, you will need to check if everything works!

Check directly in the content of your emails

You can make sure that your SPF, DKIM, and DMARC signatures work by looking in your email header. Let's take the example of Gmail. Take an email and select View Original:

email content

Then, copy the header and paste it entirely into the Mxtools Email Header Analyzer tool. Start the analysis and you will see directly if your records are correctly configured!

Check that your SPF, DKIM, and DMARC are working via online checkers

There are also other online tools that allow you to check your SPF, DKIM, and DMARC.


Check SPF record

Go to Mxtoolbox and insert your domain in the search bar:

mxtoolbox

If your SPF is working, you will see your registration on a green background:

green background

Check DKIM registration

Check your DKIM registration on DMARCanalyzer by entering your DKIM selector and then your :

validate dkim

If your DKIM is working, you will see this result :

dkim

Check DMARC record

As with DKIM, you can check your DMARC on DMARCanalyzer by entering your domain in the search bar.

Now, let's move on to the host side!

Gandi: Configure Custom Domain, SPF, DKIM, and DMARC

Gandi: Configure the Custom Domain

To set up the Custom Domain, you must create a CNAME (Canonical Name) record.

How do I set up a CNAME record?

In your Gandi dashboard, click on the Domains tab (the blue sphere at the top left), then on DNS Records, and finally Add, at the top right:

enregistrements dns

You can now create a record. Select one:

  • Type: CNAME
  • Name: enter the sub-domain of the URL whose alias you want ("track" for custom domain tracking, www, info, etc.).
  • Value: Enter the domain whose alias you want to use.

Click on Send, then Send Changes.

Now go to the Custom Domain section of your emailing service and add the CNAME record and domain name!

More information on Gandi's FAQ

Gandi: Configure the SPF

In the dashboard > click Domain. Once in Assets, choose the domain to configure.

After clicking on DNS Registrations, there are two possibilities:

There is already a record starting with v=spf1. So it's an SPF.

Click on the pencil in Enter text, insert the include rule provided by your email provider (example: include:spf.example.io) between the last include command and the ~all (or -all or ?all) command.

Then save it!

There is no SPF registration. It must therefore be created.

Click on Add:

  • Type: TXT
  • Name: @
  • Enter a text: Copy/paste the text retrieved from your email provider which should look like this :

v=spf1 a mx include:spf.exemple.io ?all

  • Click on Create and save.

That's it. You're there! 😁


Gandi automatically adds quotes around the added SPF. Don't panic, it's normal 😁

For more information, Gandi has an SPF recording section

Gandi: Configure your DKIM signature

To create a DKIM record, you must first have created a CNAME record (see above).

Once you have retrieved your DKIM key from your email provider, log into your Gandi account.

On the sidebar, go to Domains and select the desired domain, then DNS Registration, then Add in the upper right corner:

enregistrements dns

Click on Add:

  • Type: TXT
  • Name: copy/paste the DNS Hostname delivered by your email provider.
  • Enter a text: copy/paste the DKIM key delivered by your email provider.

For more information, please see the Gandi or Oximailing FAQ.

Configure your DMARC signature on Gandi

enregistrements dns

Still in the DNS Records panel, click Add:

  • Type: TXT
  • Name: _dmarc.example.io (replace "example.io" by your domain)
  • Enter a text:

v=DMARC1; p=none; rua=mailto:votreadresse@exemple.com

Not so complicated? 😁

It is advisable to deploy the DMARC standard progressively using the p and pct variables. Full details at the bottom of the Google support page 😉

OVH: configure Custom Domain, SPF, DKIM and DMARC

OVH: Configure the Custom Domain

You must create a CNAME (Canonical Name) record. Otherwise you won't be able to configure DKIM or DMARC!

In your OVH control panel, click on the relevant domain in the left banner, then DNS Zone, then Add entry

zone dns

This dialog box appears:

dialog box

Fill in the following information:

  • Subdomain: the prefix you want to use (track for the tracking CNAME, etc.)
  • TTL: Default
  • Target: the area concerned by the setting up of CNAME

Now go to the Custom Domain section of your emailing service and add the CNAME record and domain name!

Set the SPF on OVH

Once in the OVH customer area, click on Domains in the left-hand service bar and choose the domain concerned. Then click on DNS Zone:

Here are two scenarios:

zone dns

It already has an SPF record (it starts with v=spf1).

In this case, you can modify it by adding a line to the record in question:

insert the include command (for example: include:spf.example.io) retrieved from your email provider between the last include command and the ~all (or -all or ?all) command of the current record.


There is no SPF record.

Click on the Add Entry button and complete the fields:

  • Add an entry to the DNS zone: TXT
  • Subdomain: (optional)
  • TTL: default
  • Value: Copy/paste the generated record to your email provider. In general, it looks like this:

v=spf1 a mx include:spf.exemple.io ?all

According to OVH, DNS modification takes effect after 4 hours to 24 hours.

More info on OVH support 😉

OVH: COnfigure your DKIM signature

To create a DKIM record, you must first have created a CNAME record.

Still, in your DNS settings, click Add Entry. Then choose the TXT field in the dialog box that opens and fill in the fields :

add entry
  • Subdomain: copy/paste the value indicated by your email provider. it looks like this: example._domainkey
  • TTL: Default
  • Value: copy/paste the DKIM Key generated by your email provider. If it doesn't, other sites will do it like DKIMcore.

You will find the subdomain value and DKIM key at your email provider. The path is often the same: Settings > My Domains > DNS Management > Email Authentication

Finally, save and confirm 😉

OVH: set up your DMARC record

To set up a DMARC signature, it is essential to have configured the DKIM beforehand.

Still in DNS Zone and after clicking on Add Entry:

zone dns

Fill in the following fields:

  • Add an entry to the DNS zone: TXT
  • Sub-domain: _dmarc
  • TTL: Default
  • Value:

v=DMARC1; p=none; rua=mailto:votreadresse@exemple.com

Click on Next, then Validate. That's it! 😍

It is advisable to deploy the DMARC standard progressively using the p and pct variables. See the bottom of the Google support page 😉 for more information.

1&1 (Ionos) : Set up SPF, DKIM et DMARC

1&1 : Set up the Custom Domain

Log in to your IONOS account. Then, go to the section Domains and SSL and choose the domain name concerned, then DNS management via the settings wheel :

my domains

Once you have entered your DNS records, click Add and fill in the fields:

  • Type: CNAME
  • Host name: enter the sub-domain of the URL whose alias you want (track for CNAME tracking, etc.)
  • Points to: Enter the domain whose alias you want to use.
The change takes effect immediately, but it can take up to an hour to synchronize, according to Ionos.

Save. That's a wrap.

Now go to the Custom Domain section of your emailing service and add the CNAME record and domain name!

1&1 : Set up the SPF record

Log in to your IONOS account. Then, go to the section Domains and SSL and choose the domain name concerned:

domains and ssl

As shown in the screenshot, go to Actions and open the settings wheel, then click DNS Management :

dns settings

Scroll down and you will see all your DNS records:

dns record

Here, 2 possibilities:


An SPF record already exists
(it is of type TXT and starts with v=spf1)

Click on the pencil in then insert the include rule provided by your email provider (example: include:spf.example.io) between the last include command and the ~all (or -allor ?all) command.

There is no SPF record.

Click Add Recording. You will see this dialog box:

add record

And fill in the fields:

  • Type: TXT
  • Prefix (Hostname): @
  • Value: Copy/paste the generated record to your email provider. It should look like this:

v=spf1 a mx include:spf.exemple.io ?all

All you have to do is register!

The creation of an SPF record is effective within 48 hours (at the latest)!

More info on the 1&1 support center 😉

1&1: Set up the DKIM record

To create a DKIM record, you must first have created a CNAME record (see above).

The procedure is the same as for the SPF -> you have to access the DNS configuration up to Add a record :

cname record

Once the dialog box opens, Add a record, then fill in the fields :

  • Type: TXT
  • Prefix: example._domainkey
  • Value: Copy/paste the DKIM key provided by your email provider

You will find the subdomain value and DKIM key at your email provider. The path is often the same:

Settings > My Domains > DNS Management > Email Authentication.

DKIM key generators such as DKIMcore can also do the trick, but we advise you to do it at your email provider.

Record it, and it's done!

1&1: Set up the Dmarc record

To set up a DMARC signature, it is essential to have configured the DKIM beforehand.

  • Type: TXT
  • Prefix:

_dmarc.exemple.io

  • Value:

v=DMARC1; p=none; rua=mailto:votreadresse@exemple.com

These are classic values, but we can have fun adding some: see the Google support which explains it all 😉

It is advisable to deploy the DMARC standard progressively using the p and pct variables. See the bottom of the Google support page 😉 for more information.

GoDaddy: Configure SPF, DKIM and DMARC

GoDaddy: Configure the Custom Domain

In your GoDaddy settings, go to My Products > Domains > Manage > DNS > Manage Zones

my products

domains

Once you have entered your DNS records, click Add and fill in the fields:

  • Type: CNAME
  • Host: enter the sub-domain of the URL whose alias you want (track for CNAME tracking, etc.)
  • Points to: Enter the domain whose alias you want to use.

Then save it!

Now go to the Custom Domain section of your emailing service and add the CNAME record and domain name!

GoDaddy: Set up the SPF record

Access your domain management space:

my products

Then to the management of DNS zones:

domains

Once in the Records section, 2 possibilities:

records

You already have an SPF record (record starting with v=spf1)

In this case, click on the pencil at the SPF record and add the following line of text to the record :

include:spf.example.io between the last include command and the ~all command (or -allor ?all)

You can generate the SPF record with your email provider!


No SPF registration 😱. You have to create one.

spf registration

Click on Add and select the TXT type from the menu, then fill in the following fields:

  • Type: TXT
  • Host: @
  • TXT value (replace "example.io" with your domain):

v=spf1 include:_spf.exemple.io ~all 

You can retrieve the TXT record from your email provider to ensure this (Settings > My Domains > DNS > Email Authentication).

More info on GoDaddy support 😉

GoDaddy: Configure your DKIM signature

Remember to create a CNAME record before creating the DKIM record!

On your GoDaddy account, access your parameters:

go daddy my products

Then to the management of DNS zones:

domains

Then click on Add a record (or Add), at the bottom right of all your records. Fill in the fields in the dialog box that appears:

Fill in the fields:

  • Type: TXT
  • Host: Copy/paste the DNS hostname (_domainkey) provided by your email service
  • Tip to: Copy/paste the DKIM key provided by your emailing service
  • TTL: 1 hour

You will find the subdomain value and DKIM key at your email provider. The path is often the same: Settings > My Domains > DNS Management > Email Authentication

Sometimes on GoDaddy, the recording doesn't work right away and GoDaddy displays "An unexpected error occurred" when you try to save the recording. Don't panic, refresh the page and the recording will (normally) still be taken into account.

Save. That's it!

GoDaddy: Configure your DMARC signature

To set up a DMARC signature, it is essential to have configured the DKIM beforehand.

Still, in the DNS menu, choose Manage Zones and select your :

domains

Then click Add to add a new record:

records

Remember to check if you already have a DMARC record before creating another one. You can only have one per domain!

Fill in the fields:

dmarc
  • Type: TXT
  • DNS host: _dmarc.example.io (replace "example.io" with your domain)
  • TXT value:

v=DMARC1; p=none; rua=mailto:votreadresse@exemple.com

It is advisable to deploy the DMARC standard progressively using the p and pct variables. See the bottom of the Google support page 😉 for more information.

Don't forget to save... And there you are!

Namecheap: Configure your  Custom domain, SPF, DKIM and DMARC

Namecheap: Configure the Custom Domain

To set up the Custom Domain, a CNAME record must be created. To do this, go to Account > Domains > choose domain > Manage > Advanced DNS > Actions :


advanced dns
  • Type: CNAME
  • Host: the sub-domain you want ("track" for custom domain tracking, etc.)
  • Value: the domain whose alias you want to use

Save.

The propagation time is 30 minutes at Namecheap.

After 30 minutes, go to the Custom Domain section of your emailing service and add the CNAME registration and domain name!

Namecheap: Setting up the SPF record

In your Namecheap account, go to Account > List of domains > choose the domain > Manage :

namecheap

Once in the DNS management menu (Advanced DNS), 2 possibilities:

An SPF record already exists (it starts with v=spf1)

In this case, click on the value range of the SPF record and add the include rule provided by your email provider (example: include:spf.example.io) between the last includecommand and the ~all (or -all or ?all) command. Finally, save!

There is no SPF record.

In the Actions drop-down menu:

advanced dns

Select type TXT. Then select the type TXT:

  • Host: @
  • Value:
  • Copy/paste the generated record to your email provider. It should look like this:

v=spf1 a mx include:spf.exemple.io ?all

All you have to do is register!

Namecheap: configure the DKIM signature

To create a DKIM record, you must first have created a CNAME record (see above).

Still in the advanced DNS tab, select Action > TXT type :

advanced dns

Add a record and fill in the fields :

  • Host: Copy/paste the DNS hostname (_domainkey) provided by your email service
  • Value: Copy and paste the DKIM key provided by your emailing service

Then record.

You will find the subdomain value and DKIM key at your email provider. The path is often the same: Settings > My Domains > DNS Management > Email Authentication

Feel free to have a look at the Namecheap support if you want more details!

Namecheap: Setting up DMARC recording

To set up a DMARC signature, it is essential to have configured the DKIM beforehand.

Still in the advanced DNS menu, add a TXT record in Action and fill in the fields :

  • Type: TXT
  • Host: _dmarc.example.io (replace "example.io" with your domain)
  • TXT value:

v=DMARC1; p=none; rua=mailto:votreadresse@exemple.com

Then save the change!

It is advisable to deploy the DMARC standard progressively using the p and pct variables. See the bottom of the Google support page 😉 for more information.

Now that your domain is optimized, nothing better than a fresh and reliable contact base to move forward!

Good timing, Dropcontact verifies, cleans, and enriches your prospect files, all without a database and 100% GDPR compliant!

You want to try? The first 100 contacts are free! 🎁

Most frequently asked questions

What's the SPF protocol?

SPF (Sender Policy Framework) is a protocol that guarantees and certifies the original IP of an email that was sent. It shows your recipient's server which IP addresses are authorized to send you emails. The SPF protects your identity, your reputation and your emails against spam.

What the DKIM protocol?

DKIM (DomainKeys Identified Mail) is a cryptographic authentication method in emailing. 🤓 In short, the DKIM is a digital signature that ensures the integrity of your emails: verified sender, secure and unchanged content. This protocol is particularly efficient to fight against email retention and/or modification when a message is being sent (you might have heard about "man in the middle" attacks).

What's the DMARC protocol?

The DMARC (Domain-based Message Authentication Reporting and Conformance) standardizes the way recipients go through email authentication using SPF and DKIM methods. The DMARC protocol allows you to: make sure no illegitimate address is usurping your domain and improve your email deliverability, since legitimate email messages coming from your domain will have higher chances of reaching your recipient's inbox.
Share this article

Let's Get Started !

Don't waste a single minute
on your CRM data!