Why Email Authentication Matters
Email authentication helps prevent spam and phishing by verifying that emails actually come from your domain. Proper configuration improves deliverability and prevents spoofing.
SPF (Sender Policy Framework)
SPF specifies which servers are allowed to send email for your domain.
Adding SPF Record
- Go to Domains → DNS Zone in EGPNL
- Add a new TXT record
- Name:
@(or leave blank) - Value: Your SPF record (see examples below)
- Save the record
Basic SPF Record
v=spf1 a mx ~allThis allows your domain's A record and MX servers to send email.
SPF with External Services
If using additional email services like Google Workspace or Mailchimp:
v=spf1 a mx include:_spf.google.com include:servers.mcsv.net ~allinclude: statements can cause failures.
DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to emails, proving they weren't modified in transit.
Enabling DKIM
- Go to Email → DKIM in EGPNL
- Select your domain
- Click Enable DKIM
- Copy the generated DKIM record
- Add it as a TXT record in your DNS
DKIM Record Format
Name: default._domainkey
Type: TXT
Value: v=DKIM1; k=rsa; p=MIGf...long-key...DMARC (Domain-based Message Authentication)
DMARC tells receiving servers what to do when SPF or DKIM checks fail.
Adding DMARC Record
- Go to DNS Zone in EGPNL
- Add a TXT record
- Name:
_dmarc - Value: Your DMARC policy
DMARC Policies
Monitor Only (Start Here)
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.comSends reports but doesn't reject emails.
Quarantine
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.comFailed emails go to spam folder.
Reject
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.comFailed emails are rejected completely.
Verification Tools
Check your email authentication setup:
Recommended Setup
For best deliverability, implement all three:
- Add SPF record (required)
- Enable DKIM signing (recommended)
- Add DMARC record starting with p=none (recommended)
- Monitor DMARC reports
- Gradually move to stricter DMARC policy
Was this article helpful?