How do I set up DNS records for GoDaddy, Outlook, Gmail, and Yahoo to be ready for email authentication updates?
Matthew Whittaker
Co-founder & CTO, Suped
Published 13 Aug 2025
Updated 17 Aug 2025
The landscape of email deliverability is constantly evolving, with major providers like Gmail and Yahoo implementing stricter email authentication requirements. These updates are designed to combat spam and phishing, but they also mean senders must ensure their DNS records are properly configured.
As someone deeply involved in email security, I've seen firsthand how crucial it is to get these settings right. Without correct SPF, DKIM, and DMARC records, your emails might not reach the inbox, impacting your communication and business operations. Many email marketers and IT professionals find navigating these configurations challenging, especially with domain registrars like GoDaddy.
This guide will walk you through the essential steps to configure your DNS records, ensuring your emails are properly authenticated for Outlook, Gmail, and Yahoo's new sender requirements. It's about setting up a robust foundation for your email deliverability.
Before diving into the setup, it's important to understand the core authentication protocols that are now critical for email sending. SPF, DKIM, and DMARC work together to verify that an email is legitimate and hasn't been tampered with in transit. Without them, your emails are much more likely to be flagged as spam or blocked outright.
The new requirements from Google and Yahoo emphasize the necessity of these records, particularly for bulk senders. They require proper SPF and DKIM alignment and a DMARC policy with reporting to ensure good sender reputation and inbox placement. Failure to comply can lead to your emails being rejected or sent directly to spam folders.
I often find that a clear understanding of each protocol's role simplifies the setup process. SPF authorizes sending servers, DKIM provides a cryptographic signature for email integrity, and DMARC instructs receiving mail servers on how to handle emails that fail SPF or DKIM checks, while also providing valuable feedback via reports. You can read more about best practices for these protocols.
| Protocol | Purpose | DNS Record Type | Key Benefit |
|----------|---------|-----------------|-------------|
| SPF | Specifies authorized sending IP addresses. | TXT | Prevents spoofing of your domain. |
| DKIM | Digitally signs emails to verify integrity. | CNAME or TXT | Ensures messages haven't been altered. |
| DMARC | Instructs recipients on handling unauthenticated emails. | TXT | Provides visibility into email sending practices. |
Setting up DNS records on GoDaddy
GoDaddy is a common domain registrar, and setting up DNS records there is straightforward once you know where to look. The first step is always to log into your GoDaddy account and navigate to the DNS management section for your domain. This is where you'll add or modify the TXT and CNAME records required for email authentication. If you're using a subdomain for sending, remember to set those up too, following our guide on subdomain setup in GoDaddy.
For SPF, you'll typically add a TXT record to your root domain. If you already have an SPF record, it's crucial to update it rather than creating a new one, as multiple SPF records will invalidate SPF. For DKIM, you'll generally add CNAME records provided by your email sending service. Each service you use to send emails from your domain, such as Microsoft 365 or a marketing platform like Klaviyo, will provide unique DKIM records.
DMARC also uses a TXT record, specifically for the hostname _dmarc. I always advise starting with a relaxed DMARC policy (p=none) to gather reports before moving to stricter policies. This allows you to identify any legitimate email streams that might not be authenticated properly. You can refer to our free DMARC record generator to create your record.
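The checks described above (exactly one SPF record at the root, one DMARC record at _dmarc with a reporting address), written out as an added Python example; it is not code from Suped, GoDaddy, or any email provider. The ZONE data and example.com are constructed, and keeping the strictest "all" qualifier when consolidating SPF records is an assumption of this example.

```python
# Added example: audit TXT records for SPF/DMARC pitfalls. ZONE is constructed sample data.
ZONE = {
    "example.com": [
        "v=spf1 include:_spf.google.com ~all",
        "v=spf1 include:sendgrid.net -all",      # second SPF record: invalidates SPF
        "google-site-verification=constructed",  # unrelated TXT, must be ignored
    ],
    "_dmarc.example.com": ["v=DMARC1; p=none"],  # no rua= reporting address
}
STRICTNESS = {"-": 0, "~": 1, "?": 2, "+": 3}     # lower rank = stricter "all"

def spf_records(txt_values):
    """TXT values that are SPF records (the version tag v=spf1 comes first)."""
    return [v for v in txt_values if v.lower().split(" ")[0] == "v=spf1"]

def merge_spf(records):
    """Consolidate SPF records: union of mechanisms, then the strictest 'all'."""
    mechanisms, qualifiers = [], []
    for record in records:
        for term in record.split()[1:]:
            if term.lstrip("+-~?").lower() == "all":
                qualifiers.append(term[0] if term[0] in STRICTNESS else "+")
            elif term not in mechanisms:
                mechanisms.append(term)
    tail = [min(qualifiers, key=STRICTNESS.get) + "all"] if qualifiers else []
    return " ".join(["v=spf1"] + mechanisms + tail)

def parse_dmarc(value):
    """Split 'tag=value; tag=value' into a dict keyed by lower-case tag name."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(zone, domain):
    """Return a list of findings for the domain's SPF and DMARC records."""
    findings = []
    spf = spf_records(zone.get(domain, []))
    if not spf:
        findings.append("no SPF record")
    elif len(spf) > 1:
        findings.append("multiple SPF records; publish only: " + merge_spf(spf))
    dmarc = [v for v in zone.get("_dmarc." + domain, []) if v.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"expected one DMARC record, found {len(dmarc)}")
    else:
        tags = parse_dmarc(dmarc[0])
        if tags.get("p") not in ("none", "quarantine", "reject"):
            findings.append("DMARC p= tag missing or invalid")
        if "rua" not in tags:
            findings.append("DMARC has no rua= address, so no reports arrive")
    return findings
```

Calling audit(ZONE, "example.com") reports the duplicate SPF record together with the single consolidated value to publish, and the missing rua= tag.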
Configuring DNS records isn't a one-size-fits-all process. Each major email provider, and any third-party email service you use, will have specific records you need to publish. It’s essential to gather these unique records from all your sending sources. This includes your primary email provider like Microsoft 365 or Google Workspace, and any email marketing platforms, transactional email services, or CRM systems that send emails on your behalf.
For Outlook (Microsoft 365 and Exchange Online), you'll need to set up MX, CNAME, SPF, and DKIM records to ensure proper mail flow and authentication. Microsoft's documentation provides precise instructions for adding these records to any DNS provider, including GoDaddy. Pay close attention to the priority settings for MX records. We also have a dedicated guide on Outlook's sender requirements.
For Gmail and Yahoo, the focus is heavily on SPF, DKIM, and DMARC alignment. It's not enough for the records to exist; they must properly authenticate your sending domain. This often means ensuring that the DKIM domain aligns with your From address. If you're using multiple email service providers (ESPs), like Klaviyo for marketing alongside your Microsoft 365 or Google Workspace setup, each ESP needs its own set of DKIM records. The key is to publish all necessary records on GoDaddy or your DNS provider. Consider also if you want to implement BIMI for brand recognition.
Outlook (Microsoft 365)
MX Records: Direct incoming mail. Microsoft provides specific values.
SPF Record: Include spf.protection.outlook.com.
DKIM Records: Two CNAME records provided by Microsoft 365 for domain signing.
Gmail & Yahoo (Generic Sending)
SPF Record: Include all services that send mail for your domain. Example: v=spf1 include:_spf.google.com include:sendgrid.net -all.
DKIM Records: Obtain from each ESP (e.g., Klaviyo, Mailchimp, SendGrid) and add as CNAME or TXT records.
DMARC Record: Required TXT record at _dmarc.yourdomain.com.
Advancing your DMARC policy for robust protection
Implementing a DMARC record is a crucial step towards email authentication compliance, but it's just the beginning. The goal is to move from a monitoring policy (p=none) to an enforcement policy (p=quarantine or p=reject) over time. This phased approach helps prevent accidental blocking of legitimate emails while you identify and fix authentication issues. I suggest you read our article on how to safely transition your DMARC policy.
Monitoring your DMARC reports is absolutely vital during this transition. These reports provide invaluable insights into your email traffic, showing which emails pass or fail authentication and from where they originate. This helps you pinpoint any unauthenticated mail streams that need to be addressed. There are many DMARC deployment guides available that delve deeper into this process.
Once you're confident that all your legitimate email streams are authenticating correctly, you can gradually move your DMARC policy to quarantine, then to reject. A p=reject policy tells receiving servers to reject any emails that fail DMARC checks, providing the highest level of protection against email spoofing and brand impersonation. This is a critical step for maintaining a strong sender reputation and avoiding issues like being placed on an email blocklist (or blacklist).
Transitioning DMARC policies
Start with p=none to monitor and collect reports without affecting email delivery.
After several months of monitoring and fixing issues, move to p=quarantine to instruct servers to send failed emails to spam. Monitor for a few more months.
Finally, transition to p=reject to prevent unauthenticated emails from reaching recipients' inboxes at all.
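How report monitoring can gate each step of this transition, as an added Python example (not Suped's tooling): it reads a DMARC aggregate report, totals pass and fail counts per source IP, and only advances the policy when no known-legitimate sender is failing. The report, the IP addresses and the legit_ips inventory are constructed assumptions, and the XML is assumed to carry no namespace.

```python
import xml.etree.ElementTree as ET  # reports come from third parties; prefer defusedxml for untrusted input

# Constructed aggregate report, reduced to the elements this example reads.
REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>5</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.50</source_ip><count>3</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

LADDER = ["none", "quarantine", "reject"]

def summarize(report_xml):
    """Total messages per source IP that passed or failed DMARC."""
    totals = {}
    for row in ET.fromstring(report_xml).iter("row"):
        evaluated = row.find("policy_evaluated")
        # policy_evaluated holds the aligned results; DMARC passes if either one passes.
        passed = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        entry = totals.setdefault(row.findtext("source_ip"), {"pass": 0, "fail": 0})
        entry["pass" if passed else "fail"] += int(row.findtext("count"))
    return totals

def next_policy(current, report_xml, legit_ips):
    """Return (policy, blocking_ips): advance one step only if no legitimate IP fails."""
    totals = summarize(report_xml)
    blocking = sorted(ip for ip in legit_ips if totals.get(ip, {}).get("fail", 0) > 0)
    if blocking or current == "reject":
        return current, blocking
    return LADDER[LADDER.index(current) + 1], blocking
```

With both 192.0.2.10 and 198.51.100.7 listed as legitimate senders, the policy stays at none because 198.51.100.7 still has 40 failing messages, the pattern a sending service without published DKIM records produces.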
Views from the trenches
Best practices
Always consult the specific DNS records provided by your email service providers, as they are unique to your setup.
Verify your DNS record propagation after making changes, using an online DNS checker to ensure they are live.
Start DMARC with 'p=none' to gather data on your email streams before enforcing stricter policies.
Common pitfalls
Creating multiple SPF records instead of consolidating them, which invalidates SPF for your domain.
Forgetting to publish DKIM records for all email sending services, leading to authentication failures.
Moving directly to a DMARC 'p=reject' policy without sufficient monitoring, potentially blocking legitimate emails.
Expert tips
When integrating a new email service, always prioritize obtaining and publishing its specific DKIM records immediately.
Consider using a DMARC monitoring service to automate report analysis, especially for complex sending environments.
If you're facing persistent deliverability issues, use an email deliverability test tool to diagnose specific authentication failures.
Marketer view
Marketer from Email Geeks says the exact records needed depend entirely on which services are used to send mail, not just the domain registrar.
2023-12-08 - Email Geeks
Expert view
Expert from Email Geeks says to always follow the specific advice from your email handler, whether it's Microsoft or GoDaddy, for each record.
2023-12-08 - Email Geeks
Final thoughts on email authentication
Setting up DNS records for email authentication can seem daunting, but by breaking it down into manageable steps and understanding the role of SPF, DKIM, and DMARC, you can successfully navigate the process. Remember, the goal is not just to add records, but to ensure they are correctly configured and aligned with all your email sending services, including those managed through GoDaddy.
Staying compliant with Outlook, Gmail, and Yahoo's evolving requirements is an ongoing process that benefits from continuous monitoring and adjustments. By investing time in proper DNS configuration now, you'll significantly improve your email deliverability and protect your domain's reputation in the long run.