If your domain is pointed to Namecheap Web Hosting DNS, you can add the DNS records in your cPanel.
SPF (Sender Policy Framework) is a DNS text entry which shows a list of servers that should be considered allowed to send mail for a specific domain. Incidentally the fact that SPF is a DNS entry can also considered a way to enforce the fact that the list is authoritative for the domain, since the owners/administrators are the only people allowed to add/change that main domain zone.
Thus, SPF gives other mailservers a way to verify that mail claiming to be from your domain is sent from one of your authorized IP addresses. They do this by checking a special TXT record configured in the domain name zone. It helps to establish the legitimacy of the domain mail server and reduces the chances of spoofing, which occurs when someone fakes the headers on an email to make it look like it’s coming from your domain, even though the message did not originate from your mail server.
A very basic SPF record looks like the following:
example.com TXT v=spf1 a ~all
DKIM (DomainKeys Identified Mail) should be instead considered a method to verify that the content of the messages is trustworthy, meaning that it wasn't changed from the moment the message left the initial mail server. This additional layer of trustability is achieved by an implementation of the standard public/private key signing process. Once again the owners of the domain add a DNS entry with the public DKIM key which will be used by receivers to verify that the message DKIM signature is correct, while on the sender side the server will sign the entitled mail messages with the corresponding private key.
DKIM records are implemented as text records as well. The record must be created for a subdomain, which has a unique selector for that key, then a period (.), and then a protocol name '_domainkey' and the domain name itself. The type is TXT, and the value includes the type of key, followed by the actual key.
Both 1024 bit and 2048 bit keys are supported.
A typical DKIM record looks like the following:
selector1._domainkey.example.com TXT k=rsa;p=J8eTBu224i086iK
A very basic DMARC record looks like the following:
_dmarc.example.com TXT v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:email@example.com
Google verification records
To verify your domain registered with us for G Suite, please refer to this guide. If your domain is hosted with us, please check G Suite: Domain hosted with Namecheap ownership validation.
Setting up the records
2. Navigate to the Advanced DNS tab from the top menu and click on the Add new record button:
For Host, add @ that corresponds to yourdomain.tld or a subdomain (for example, 3434._domainkey as shown in the screenshot below) you need to create the TXT/SPF/DKIM/DMARC record for.
If you have any questions, feel free to contact our Support Team.