Email authentication guides
Practical, no-nonsense guides to SPF, DKIM and DMARC. Fix what is broken and keep your mail out of spam.
How to Find Where Your DNS Is Hosted (So You Can Add SPF, DKIM, and DMARC)
Before you can add SPF, DKIM, or DMARC, you have to find the provider that actually controls your DNS records. Your nameservers tell you exactly who that is, and it is often not the company you bought the domain from. This guide shows you how to look up your nameservers, tell your registrar apart from your DNS host, and jump straight to the right setup steps for Cloudflare, GoDaddy, Namecheap, or Route 53.
What DNS Records Does Your Domain Need to Send and Receive Email?
A complete, ordered map of the DNS records a domain needs to send and receive email: MX and its A/AAAA target to receive, SPF, DKIM and DMARC to authenticate, plus optional MTA-STS and BIMI. Learn which records are mandatory versus optional and the exact order to add them so nothing breaks mid-setup, then confirm each one with a free scan.
What Is a DNS TXT Record? A Plain-English Guide for Email Authentication
A DNS TXT record stores plain text in your domain's DNS, and for most people the only reason to touch one is email authentication: SPF, DKIM, and DMARC all live in TXT records. This guide shows annotated real examples, explains the host, value, and TTL fields, and covers the 255-character split and multiple-strings gotchas that quietly break records.
How to Set Up SPF, DKIM, and DMARC on GoDaddy Without Breaking Email
A step-by-step guide to configuring SPF, DKIM, and DMARC in the GoDaddy Domain Portfolio DNS panel. Learn how to merge multiple SPF includes into one record, avoid the @ versus host-prefix mistake, add records in the safe order so nothing bounces, and verify the result with a paste-ready DMARC starter policy.
Namecheap SPF, DKIM, and DMARC Setup Guide (Step-by-Step)
A precise walkthrough for adding SPF, DKIM, and DMARC records in Namecheap Advanced DNS. Covers when the tab is available, the @ versus blank Host confusion, correct TXT value formatting, DKIM as CNAME or TXT depending on your sending provider, and how to verify the records actually took effect.
How to Add SPF, DKIM, and DMARC Records in Cloudflare (Step-by-Step)
Add SPF, DKIM, and DMARC in Cloudflare DNS with exact dashboard clicks and paste-ready TXT values. Covers the traps that break setups: TXT records must be gray-cloud DNS only, Cloudflare auto-appends your domain so you enter _dmarc not the full hostname, and how the Email DMARC Management wizard differs from manual records. Then confirm authentication passes with the free spfwise checker.
How to Add SPF, DKIM, and DMARC Records in AWS Route 53
A precise walkthrough for adding SPF, DKIM, and DMARC records in AWS Route 53 using the Create Record flow. Covers correct TXT quoting, leaving the record name blank for the root SPF record, the _dmarc subdomain, how Amazon SES auto-publishes DKIM CNAMEs into your hosted zone, and starting DMARC at p=none before tightening. Verify the result with the SPFWise checker.
Postmark SPF, DKIM & DMARC Setup: The Complete Domain Authentication Guide
Postmark already makes SPF pass through its own Return-Path on mtasv.net, so the authentication work that actually matters for DMARC is the DKIM TXT record and a custom Return-Path CNAME to pm.mtasv.net. This guide explains why an SPF pass is not the same as SPF alignment, walks through both records in your DNS, sets a sensible DMARC policy, and shows how to confirm the finished result.
Mailgun SPF, DKIM & DMARC Setup: Authenticate Your Sending Domain Step by Step
Mailgun authenticates through a dedicated sending subdomain, so the SPF include:mailgun.org and the mx._domainkey DKIM TXT belong on mail.yourdomain.com, not your root. This guide walks through every DNS record Mailgun asks for, how to merge SPF into an existing root record, the optional MX and CNAME tracking records, the propagation wait, adding a root-level DMARC policy, and verifying the whole chain.
Brevo SPF, DKIM & DMARC Setup: Authenticate Your Domain (formerly Sendinblue)
Brevo authenticates your domain with DKIM, not SPF. On shared IPs the envelope sender stays on Brevo's domain, so SPF does not align to your From address, but Brevo signs mail with your domain and DMARC passes on DKIM alignment alone. This guide covers the brevo_code record, automatic and manual DKIM flows, the Sendinblue rename, the Gmail and Yahoo rules, and how to verify.
550 5.7.1 'Email Rejected Per DMARC Policy': Causes and Step-by-Step Fix
A 550 5.7.1 email rejected per DMARC policy bounce means the receiving server enforced your p=reject or p=quarantine policy because the message failed DMARC. This guide shows how to tell whether it is your own mail or a forgotten third-party tool, how to read the bounce, and how to add the missing SPF include or DKIM key instead of weakening your policy.
550 5.7.23 'SPF Validation Failed': Why It Happens and How to Resolve It
The 550 5.7.23 bounce means the receiver rejected your mail because SPF authentication failed and a policy told it to reject. It usually points to one of three things: a hard -all fail from a sender that is not listed, an SPF PermError from too many DNS lookups or broken syntax, or forwarding that rewrites the path. This guide separates the three causes and shows how to confirm which one you have.