How do I add TXT/SPF/DKIM/DMARC records for my domain?
It is possible to set up TXT, SPF, DKIM and DMARC records in your Namecheap account if your domain is pointed to our BasicDNS, BackupDNS (a legacy option), PremiumDNS or FreeDNS.
If your domain is pointed to Namecheap Web Hosting DNS, you can add the DNS records in your cPanel.
SPF (Sender Policy Framework) is a DNS text entry which shows a list of servers that should be considered allowed to send mail for a specific domain. Incidentally the fact that SPF is a DNS entry can also considered a way to enforce the fact that the list is authoritative for the domain, since the owners/administrators are the only people allowed to add/change that main domain zone.
Thus, SPF gives other mailservers a way to verify that mail claiming to be from your domain is sent from one of your authorized IP addresses. They do this by checking a special TXT record configured in the domain name zone. It helps to establish the legitimacy of the domain mail server and reduces the chances of spoofing, which occurs when someone fakes the headers on an email to make it look like it’s coming from your domain, even though the message did not originate from your mail server.
A very basic SPF record looks like the following:
example.com TXT v=spf1 a ~all
DKIM (DomainKeys Identified Mail) should be instead considered a method to verify that the content of the messages is trustworthy, meaning that it wasn't changed from the moment the message left the initial mail server. This additional layer of trustability is achieved by an implementation of the standard public/private key signing process. Once again the owners of the domain add a DNS entry with the public DKIM key which will be used by receivers to verify that the message DKIM signature is correct, while on the sender side the server will sign the entitled mail messages with the corresponding private key.
DKIM records are implemented as text records as well. The record must be created for a subdomain, which has a unique selector for that key, then a period (.), and then a protocol name '_domainkey' and the domain name itself. The type is TXT, and the value includes the type of key, followed by the actual key.
Both 1024 bit and 2048 bit keys are supported.
A typical DKIM record looks like the following:
selector1._domainkey.example.com TXT k=rsa;p=J8eTBu224i086iK
DMARC (Domain-based Messaging and Reporting Compliance) is a technology designed to combat email spoofing and is useful to stop phishing. Specifically, it protects the case where a phisher has spoofed the Display From address (also know as 5322.From email address). DMARC protects users by evaluating both SPF and DKIM and then determines if either domain matches the domain in the Display From address.
A very basic DMARC record looks like the following:
_dmarc.example.com TXT v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:email@example.com
Setting up the records
If your domain is pointed to our BasicDNS, BackupDNS (a legacy option), PremiumDNS or FreeDNS, follow the instructions below to add a needed record:
1. Having logged into the Namecheap account, choose Domain List on the left and click on the Manage button next to your domain:
2. Navigate to the Advanced DNS tab from the top menu and click on the Add new record button:
3. Select TXT Record for Type and insert a string (usually, you can get it from your service provider) into the Value field.
For Host, add @ that corresponds to yourdomain.tld or a subdomain (for example, 3434._domainkey as shown in the screenshot below) you need to create the TXT/SPF/DKIM/DMARC record for.
NOTE: The domain name itself should not be included in the Host field. It means that if you need to add the record for something._domainkey.yourdomain.tld, only something._domainkey is to be added as a Host value (even if your service provider asked you to add the domain itself as well). This is a system requirement.
4. Click on the Save all changes button. Normally, it takes 30 minutes for newly created host records to take effect.
If you have any questions, feel free to contact our Support Team.