DNS Providers
      Back to home
      1. Help Center
      2. DNS Providers

      Dynadot

      How to add SPF, DKIM, and DMARC

      How to add SPF (Sender Policy Framework)


      1- Login into your Dynadot account.

      2- Head to your Dynadot My Domains dropdown tab and then to the Manage Domains.



      3- Check the box next to your domain names, click on the bulk action button in the dropdown menu, and click DNS settings.


      4- From Domain Record select add a new record.


      5- You need only to add your SPF Record Type, as well as the Target Host part.


      For example:


      In this case, we whitelisted Zoho’s SPF in our DNS zone.



      Record Type

      Target Host

      TXT Record

      v=spf1 include:zoho.com ~all


      6- Additionally, if you’re using sources that only have an IP address you can add the IPs in the same current SPF record.

       



      Record Type

      Target Host

      TXT Record

      v=spf1 ip4:169.148.146.23/32 include:zoho.com ~all

      7- Click “Save DNS” to finish your Dynadot SPF setup.


      Note: Having multiple SPF Records for a single root domain is a bad practice and results in authentication failure. If you use multiple sources within your organization, you must have them whitelisted in a single SPF Record.

      How to add DKIM (Domain Keys Identified Mail)


      It’s the same process for DKIM as well, but we will do some changes for DKIM.


      Note: Before diving into steps on how to add DKIM to your Dynadot, it is important to understand that each provider has their own Private/Public Keys that they provide to their customers. In this article, we are focusing on Zoho Mail. We’ve generated the DKIM Public signature from the Zoho Mail portal, and in the next steps, we are going to implement it in our DNS (Dynadot).


      1- Try to make sure that you’re adding your DKIM record from the Subdomain Records tab and not from the Domain Record tab.



      2- Make sure to add your DKIM Record Type, Target Host, and Subdomain parts.



      Record Type

      Subdomain

      Target Host

      TXT Record

      zmail._domainkey

      v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+BeYApQiIf2makHXZzj/vmRNO

      kmQXqVu4aKYcNqj5ANGbJNYGROfo63TTlu2KUWootMQ1nHiiKfFODPO6LjUwn3zp

      mRv7ONmcm40QOysLrv5cGk+l9letBM7DnVqrvHsMOMHVv1q87fy1n4DuqDM/cVKM

      qaAExyY+yAKZfUfuRQIDAQAB

      The target Host part contains the public DKIM signature that was generated from the Zoho Mail portal.


      3- Click “Save DNS” to finish your Dynadot DKIM setup.


      How to add DMARC (Domain Message Authentication Reporting Conformance)


      Now from the same place, we can add the DMARC as well.


      There are 2 ways to generate DMARC Record:

      1. When you directly register on EasyDMARC, our system automatically provides you a DMARC Record upon adding your domain
      2. You can also use EasyDMARC’s DMARC Record Generator tool to get a DMARC Record

      After generating DMARC Record, you need to update it in your Dynadot.



      Make sure to add your DMARC Record Type, Target Host, and Subdomain part.




      Record Type

      Subdomain

      Target Host

      TXT Record

      _dmarc

      v=DMARC1;p=none;rua=mailto:29506ecf8e@rua.easydmarc.us;ruf=mailto:29506ecf8e@ruf.easydmarc.us;fo=1;

      Important Note:

      It’s always recommended to first start your DMARC Journey in Monitoring mode (p=none). That will help you gather reports, identify & authenticate legitimate email servers used in your organization, and later on advance your Policy to higher levels such as Quarantine or Reject.


      After updating, click “Save DNS” to finish your Dynadot DMARC setup.