How do I add TXT/SPF/DKIM/DMARC records for my domain?
SPF (Sender Policy Framework) is a DNS text entry which shows a list of servers that should be considered allowed to send mail for a specific domain. Incidentally the fact that SPF is a DNS entry can also considered a way to enforce the fact that the list is authoritative for the domain, since the owners/administrators are the only people allowed to add/change that main domain zone.
Thus, SPF gives other mailservers a way to verify that mail claiming to be from your domain is sent from one of your authorized IP addresses. They do this by checking a special TXT record configured in the domain name zone. It helps to establish the legitimacy of the domain mail server and reduces the chances of spoofing, which occurs when someone fakes the headers on an email to make it look like it’s coming from your domain, even though the message did not originate from your mail server.
Maximum record length: 60 symbols (including digits and characters)for Host and 255 symbols for the Value field.
A very basic SPF record looks like the following:
example.com TXT v=spf1 a ~all
DKIM (DomainKeys Identified Mail) should be instead considered a method to verify that the messages' content are trustworthy, meaning that they weren't changed from the moment the message left the initial mail server. This additional layer of trustability is achieved by an implementation of the standard public/private key signing process. Once again the owners of the domain add a DNS entry with the public DKIM key which will be used by receivers to verify that the message DKIM signature is correct, while on the sender side the server will sign the entitled mail messages with the corresponding private key.
DKIM records are implemented as text records as well. The record must be created for a subdomain, which has a unique selector for that key, then a period (.), and then a protocol name '_domainkey' and the domain name itself. The type is TXT, and the value includes the type of key, followed by the actual key.
Maximum record length: 60 symbols for Host and 255 symbols for the Value field. Also only the 1024 bit key is supported.
A typical DKIM record looks like the following:
selector1._domainkey.example.com TXT k=rsa;p=J8eTBu224i086iK
DMARC (Domain-based Messaging and Reporting Compliance) is a technology designed to combat email spoofing and is useful to stop phishing. Specifically, it protects the case where a phisher has spoofed the Display From address (also know as 5322.From email address). DMARC protects users by evaluating both SPF and DKIM and then determines if either domain matches the domain in the Display From address.
Maximum record length: 60 symbols for Host and 255 symbols for the Value field.
A very basic DMARC record looks like the following:
_dmarc.example.com TXT v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:email@example.com
Setting up the records
If your domain is pointed to our BasicDNS, BackupDNS (a legacy option), PremiumDNS or FreeDNS, you can easily set up TXT, SPF, DKIM and DMARC records in your Namecheap account.
Follow the instructions below to add a needed record:
1. Having logged into the Namecheap account, choose Domain List on the left and click on the Manage button next to your domain:
2. Navigate to the Advanced DNS tab from the top menu and click on the Add new record button:
3. Select TXT Record for Type and insert a string (usually, you can get it from your service provider) into the Value field.
For Host, add @ that corresponds to yourdomain.tld or a subdomain (for example, 3434._domainkey as shown in the screenshot below) you need to create the TXT/SPF/DKIM/DMARC record for.
Note: the domain name itself should not be included to the Host field.
4. Click on the Save all changes button. Normally, it takes 30 minutes for newly created host records to take effect.
If you have any questions, feel free to contact our Support Team.