How do I add TXT/SPF/DKIM/DMARC records for my domain?

It is possible to set up TXT, SPF, DKIM and DMARC records in your Namecheap account if your domain is pointed to our BasicDNS, PremiumDNS or FreeDNS.

If your domain is pointed to Namecheap Web Hosting DNS, you can add the DNS records in your cPanel.

SPF records

SPF (Sender Policy Framework) is a DNS text entry which shows a list of servers that are authorized to send mail for a specific domain. Incidentally, as a DNS entry, SPF can also be considered a way to enforce the fact that the list is authoritative for the domain since the owners/administrators are the only people allowed to add/change that main domain zone.

Thus, SPF gives other mailservers a way to verify that mail claiming to be from your domain is sent from one of your authorized IP addresses. They do this by checking a special TXT record configured in the domain name zone. It helps to establish the legitimacy of the domain mail server and reduces the chances of spoofing, which occurs when someone fakes the headers of an email to make it look like it’s coming from your domain, even though the message did not originate from your mail server.

A very basic SPF record looks like the following:

example.com   TXT     v=spf1 a ~all

Here is a guide on how to configure an SPF record:



This guide is valid for all the domains using Namecheap BasicDNS, PremiumDNS, or FreeDNS.

For the services that you have with Namecheap, SPF record is added automatically. However if you would like to use our Web-Hosting services along with PremiumDNS, you will need to create the records, including SPF, manually using this guide .


DKIM records

DKIM (DomainKeys Identified Mail) should instead be instead considered a method to verify that the content of messages is trustworthy, meaning that it hasn't changed from the moment the message left the initial mail server. This additional layer of trustability is achieved by the implementation of the standard public/private key signing process. Once again, the owners of a domain add a DNS entry with the public DKIM key which will be used by receivers to verify that the message DKIM signature is correct, while on the sender side, the server will sign entitled mail messages with the corresponding private key.

DKIM records are implemented as text records as well. The record must be created for a subdomain and should contain a unique selector for that key, then a period (.), and then the protocol name '_domainkey' and the domain name itself. The type is TXT, and the value includes the type of key, followed by the actual key.

Both 1024 bit and 2048 bit keys are supported.

A typical DKIM record looks like the following:

selector1._domainkey.example.com        TXT     k=rsa;p=J8eTBu224i086iK

Here is a video guide on how to set up a DKIM record for a domain pointed to our BasicDNS/PremiumDNS/FreeDNS:




DMARC records

DMARC
(Domain-based Messaging and Reporting Compliance) is a technology designed to combat email spoofing and is useful to stop phishing. Specifically, it protects against the cases where a phisher has spoofed the Display From address (also know as the 5322.From email address). DMARC protects users by evaluating both SPF and DKIM and then determining if either domain matches the domain in the Display From address.

A very basic DMARC record looks like the following:

_dmarc.example.com   TXT     v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:dmarcreports@example.com

Here is a video guide on how to configure a DMARC record:



Google verification records

To verify your domain registered with us for G Suite, please refer to this guide. If your domain is hosted with us, please check G Suite: Domain hosted with Namecheap ownership validation.

Setting up the records

You are welcome to use the video guide or follow the text instructions provided further in the document.


If your domain is pointed to our BasicDNS, PremiumDNS or FreeDNS, follow the instructions below to add a needed record:

1. Having logged into the Namecheap account, choose Domain List on the left and click on the Manage button next to your domain:


2. Navigate to the Advanced DNS tab in the top menu and click on the Add new record button:



3. Select TXT Record for Type and insert a string (usually, you can get it from your service provider) into the Value field.

For Host, add @ that corresponds to yourdomain.tld or a subdomain (for example, 3434._domainkey as shown in the screenshot below) you need to create the TXT/SPF/DKIM/DMARC record for.


NOTE: The domain name itself should not be included in the Host field. It means that if you need to add the record for something._domainkey.yourdomain.tld, only something._domainkey is to be added as a Host value (even if your service provider asked you to add the domain itself as well). This is a system requirement.



4. Click on the Save all changes button. Normally, it takes 30 minutes for newly created host records to take effect.


That's it!

If you have any questions, feel free to contact our Support Team.

Updated
Viewed
211175 times

Need help? We're always here for you.

notmyip