DevOps is crucial to your cloud-native

Table of contents


Configure email authentication - MX, SPF, DKIM, DMARC

Note: This guide only helps with email authentication for the emails (Eg. Email notifications) sent using OUR delivery server we configured for you. It DOES NOT apply if you are using external providers like Sendgrid, Mailgun, Mailjet etc. You also need to add the DNS records they provide you with.

We configure outbound SMTP delivery servers with high-reputation IP pools as a complimentary service. To ensure the server works well for your business and the emails get through to your inbox, you must set up these DNS records for the domain you would like to use for sending. For example, if you want to send from @yourdomain.com, you need to set each of these records for that specific domain. You should be able to add new DNS records with ease. If you are unsure how to do it, you can get in touch with us or contact your DNS provider. There are also many guides on carrying this out, which show you how to add new records to your domain - just a google search away.

The easy way

The easiest way to know which records to add is by adding the sending domain in MailWizz. We have developed a custom module to enhance this process. You can add your sending domain by logging in as a customer. Then go to “Domains” -> “Sending domains” -> Create new. Type the domain you own and would like to send from. At the bottom of that page, select the delivery servers you want to use with this sending domain.

Our system will generate the correct records for you to add, just like the records below. Add those generated records in your DNS zone file (the people you purchased your domain name from). Wait 5-10 minutes for the DNS to propagate (sometimes, this process can take up to 48 hours). Next, click on “Verify DNS Records”. The system will tell you what you are missing if you are missing any records. It should show you a successfully verified message if you added everything correctly. That’s it. You can start sending emails using that sending domain.

The hard way

First, determine what domain/sub-domain you would like to use to send emails. For example, many people use a sub-domain to send their marketing campaigns and another for sending transactional (notifications, sign-up emails). Doing this will help keep both channels separate, which is the best practice. We will refer to this as the ‘default’ domain. Let’s say you have chosen @newsletter.yourdomain.com to be your default domain. Let’s move ahead to creating an SPF record.

SPF Record

SPF (Sender Policy Framework) is a record to identify which email servers are authorised to send an email for any given domain. It is the most common form of email authentication. It helps prevent spammers from sending fraudulent emails using the ‘FROM’ address that belongs to you. Some providers allow adding SPF records directly, while others will enable you to add it as a TXT record type. Either is fine, and both will fulfil the purpose. Replace yourdomain.com with the actual sending domain/sub-domain you have chosen

Host/Name

yourdomain.com

Type: TXT

Value

v=spf1 include:default.sendtrack.email ~all

If you already have an SPF record or something that looks similar to the above, add the include:default.sendtrack.email to it. So if your SPF record looked something like this: v=spf1 include:_spf.google.com ~all. The changed record would look something like this: v=spf1 include:_spf.google.com include:default.sendtrack.email ~all

Domain keys (DKIM)

DKIM (DomainKeys Identified Mail) allows receiving servers to verify that the mail is authorised and sent by you - the domain administrator. The process further authenticates you as the domain owner and legitimate sender and stops spammers since they cannot sign their emails using your key. Only you can sign with your key. Don’t forget to replace yourdomain.com with your actual sending domain.

Host/Name

api._domainkey.yourdomain.com

Type: TXT

Value

k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB

Tracking

We provide extensive open and click tracking, allowing you to quickly view who opened or clicked on your email. These links utilise our domain, but this can sometimes trigger spam filters since the sending domain doesn’t match the domain used for tracking links. To fix this, you need to add a CNAME record which will allow us to mask your domain on top of our underlying link-tracking mechanism. Then, replace your domain part with yours as in the previous steps.

Host/Name

tracking.yourdomain.com

Type: CNAME

Value

tracking.default.sendtrack.email

Host/Name

track.yourdomain.com

Type: CNAME

Value

YOUR-USERNAME.sendtrack.email

Replace the YOUR-USERNAME with your actual username. This is the same address where you log in to your hosted MailWizz platform. After adding the tracking domain, don’t forget to add track.yourdomain.com to your MailWizz platform. If you use Cloudflare as your DNS provider, please ensure the Cloudflare cloud icon is grey (turned off). Or else the tracking links do not function as expected. See the example below.

CloudFlare turn off DNS

Bounces

We need to ensure all bounces are correctly processed and sent to your platform. To ensure this happens correctly, we need to point out all bounces to be returned and handled by us.

Host/Name

bounces.yourdomain.com

Type: CNAME

Value

bounces.sendtrack.email

DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) is another email authentication protocol built on the SPF and DKIM protocols we added in previous steps. Setting a DMARC policy allows you as a sender to indicate that SPF and DKIM sign your emails. It also details what the mail server should do if neither of those authentication methods passes when verified, such as classifying that email as Junk/Spam. It also allows you to specify where to send a report when these verifications fail, enabling you to evaluate further where these emails are originating. If they are yours, you can work on fixing them up. There are a few options for configuring it. The first option is straightforward - it is to say that you do not wish to receive any reports. The second option allows you to specify where the mail server can send notifications in case of failures and aggregate information. We will list these options, and you can choose what works best for you.

Option 1 - Simple and most common method

Host/Name

_dmarc.yourdomain.com

Type: TXT

Value

v=DMARC1; p=reject; pct=100;

Option 2 - To specify where to send the reports

Host/Name

_dmarc.yourdomain.com

Type: TXT

Value

v=DMARC1; p=reject; pct=100; ruf=mailto:[email protected]; rua=mailto:[email protected]

Please make sure you replace the [email protected] with the email address to which you would like the reports sent. We highly recommend you create a new inbox specifically for this as the reports can get a lot in quantity when sending large amounts of emails or if the domain is popular.

MX

MX (Mail Exchange) records allow mail servers to know which email server to communicate with if they have an email to send. It is the way to receive emails from other email servers. We highly recommend configuring proper MX records to ensure you are receiving emails belonging to yourdomain.com. Another reason to have an appropriate MX record is to ensure that other mail servers see you as a legitimate domain and email sender. Most spam email senders tend not to have proper MX records as they want to send emails but do not receive spam themselves.

Verification

After creating these records, ensure you verify the domain through the MailWizz backend (Domains -> Sending domains -> Create new) by clicking on “Verify DNS records”. Once you get a thumbs up, your domain is ready to use. You can start sending emails from @yourdomain.com without any restrictions.

Adding tracking domain to your MailWizz

  1. Log in as a customer and go to Domains -> Tracking domains
  2. Type the tracking domain you’ve added above - track.yourdomain.com and leave the other options as they are
  3. Click on “Save changes”

If you have done it correctly, it should not show any errors. Congratulations, you have successfully added a tracking domain to MailWizz. Now it is time to use it in your email campaigns.

Use tracking domain with your email campaign

Use tracking domain with your email campaign
  1. Go to Campaigns -> All campaigns -> Create new
  2. Type in the details as you normally would and click on the “Save and next” button at the bottom right corner
  3. After typing your “From” email address and filling out other details, you will see a “Campaign options” box
  4. In the “Campaign options” box, you will see an option to pick your newly created tracking domain
  5. Ideally, you would want to pick a tracking domain based on the “From” email domain you are sending from

That’s it. You have successfully created the DNS records, made a tracking domain on MailWizz, and used it in your email campaign.

See also ➰