Rosen Advertising

Email Authentication Setup

Set up SPF, DKIM, and DMARC to ensure your emails reach their intended recipients. These three records are essential for every law firm using email marketing or client communication.

1. Add an SPF Record

Step 1 — Identify your mail servers

List all mail servers and third-party services (like email marketing platforms) that send email on behalf of your domain. You'll need to include all of them in your SPF record.

Step 2 — Access your DNS settings

Log in to your domain registrar (GoDaddy, Namecheap, etc.) or DNS provider (Cloudflare, Amazon Route 53) and navigate to the DNS management section.

Step 3 — Create your SPF record

SPF is a TXT record. A basic example:

v=spf1 include:_spf.example.com ~all

Replace _spf.example.com with your email provider's SPF domain. The ~all qualifier means soft fail for unlisted servers. Use -all for hard fail.

Step 4 — Add the record to DNS

Create a new TXT record. Set the Name/Host field to @ (root domain). Paste your SPF value into the Value/Text field. Save.

Step 5 — Validate

Use MXToolbox or run nslookup -type=txt yourdomain.com to confirm the record is live.


2. Configure DKIM

Step 1 — Generate DKIM keys

Most email service providers (Google Workspace, Microsoft 365, Mailchimp) have built-in DKIM key generation. Log in, navigate to email authentication settings, and generate a new DKIM key. Use 2048-bit for stronger security.

Step 2 — Retrieve your public key

Your ESP will provide a selector name and a public key. The public key will look something like:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN...

Step 3 — Access your DNS settings

Log in to your registrar or DNS provider and navigate to DNS management.

Step 4 — Add the DKIM TXT record

Create a new TXT record. In the Name/Host field, enter your selector followed by ._domainkey — for example, if your selector is mail, enter mail._domainkey. Paste the full public key value into the Value/Text field. Save.

Step 5 — Validate

Use MXToolbox or your ESP's built-in validation tool to confirm the DKIM record is live.

Step 6 — Enable DKIM signing in your ESP

Return to your ESP's control panel and enable DKIM signing for your domain. This tells your ESP to sign outgoing emails with the private key that matches your published public key.


3. Create a DMARC Policy

Step 1 — Understand DMARC policies

DMARC tells receiving mail servers what to do when an email fails SPF and DKIM checks. Three policy options:

  • none — take no action, just report
  • quarantine — send to spam
  • reject — reject the email outright

Step 2 — Create your DMARC record

A basic DMARC record:

v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com

Replace yourdomain.com with your actual domain. Start with p=none if you're not confident about your SPF/DKIM setup — you can tighten the policy later.

Step 3 — Access your DNS settings

Log in to your registrar or DNS provider.

Step 4 — Add the DMARC TXT record

Create a new TXT record. Set the Name/Host field to _dmarc. Paste your DMARC policy into the Value/Text field. Save.

Step 5 — Validate

Use MXToolbox or Palisade to confirm your DMARC record is published and functioning correctly.