Email DNS Setup Guide
Set up SPF, DKIM, and DMARC on your sending domain to maximize deliverability and avoid the spam folder.
Why this matters
Without SPF, DKIM, and DMARC your emails will likely land in spam or get rejected. These DNS records tell receiving mail servers that you are a legitimate sender — not a spammer.
Where do I add these records?
All records are added in your domain registrar or DNS provider — wherever you manage your domain (e.g. Cloudflare, GoDaddy, Namecheap, Google Domains). Log in there, go to DNS settings, and add the TXT records below.
SPF (Sender Policy Framework) tells receiving servers which mail service is allowed to send emails for your domain. The exact SPF value comes from your email provider (Gmail, Zoho, etc.) — not from ReachFast.
ReachFast uses your own SMTP to send emails, so SPF must be set up on your domain pointing to your mail provider — not to us.
DNS record to add:
TYPE
TXT
HOST / NAME
@
TTL
3600
VALUE — pick the one that matches your email provider:
Google Admin Console → Apps → Google Workspace → Gmail → Authenticate email. Google shows you the exact SPF record to add.
Zoho Mail Admin Console → Domains → your domain → Email Authentication → SPF. Zoho provides the exact record.
Microsoft 365 Admin Center → Settings → Domains → your domain → DNS records. Microsoft lists the SPF record for you.
cPanel → Email Deliverability → your domain → Manage. Your host auto-generates the correct SPF record based on your server IP.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to your emails. The DKIM key is generated by your email provider — you cannot create it yourself. You must get it from their admin panel and paste it into your DNS.
DKIM keys are unique to your account and domain. There is no generic value to copy — follow the steps for your provider below to get your key.
DNS record format (for reference):
TYPE
TXT
HOST / NAME
selector._domainkey
VALUE
v=DKIM1; k=rsa; p=...
How to get your DKIM key — select your provider:
1. Go to Google Admin Console (admin.google.com).
2. Navigate to Apps → Google Workspace → Gmail → Authenticate email.
3. Click "Generate new record" and copy the TXT record shown.
4. Add that TXT record to your domain DNS exactly as shown.
5. Return to Google Admin and click "Start Authentication".
Official guideDMARC tells receiving servers what to do when an email fails SPF or DKIM. Enter your email address below and we'll generate the exact record to copy.
Enter your email first — the copy buttons will activate once filled.
DNS record to add:
TYPE
TXT
HOST / NAME
_dmarc
TTL
3600
What each tag means:
p=none — Just monitor, don't block anything. Safe to start.
p=quarantine — Send failing emails to spam. Switch to this after testing.
p=reject — Block failing emails entirely. Use only when fully confident.
rua=mailto: — Where DMARC reports are sent. Use any mailbox you check regularly.
Enter your sending domain below — we'll check if SPF and DMARC are live and correctly configured.