SPF and DKIM authentication for domains
Domain Verification is a pre-requisite in ZeptoMail to stop the misuse of Domains. These verifications ensure that your email lands in your recipient's inbox and not in their spam folder. To verify your domains, it is mandatory to set up both SPF Record and DKIM Record. Without this verification, you will not be able to send emails using your domains in your ZeptoMail account.
ZeptoMail makes SPF and DKIM mandatory in-order to ensure high deliverability and avoid spams.
- ZeptoMail uses its IPs to send emails only from verified domains. By making SPF mandatory, ZeptoMail IPs reputation are not compromised due to a spammer.
- ISPs use DKIM to track the domain sending history. This way ISPs build the domain reputation. Domain Reputation determines the successful delivery of your emails i.e. emails are delivered to the recipient's inbox and not to the spam folder.
SPF
While sending transactional emails using ZeptoMail, the recipient mail server will want to know whether ZeptoMail has the permission to use your domain to send emails. The recipient MX server will use Sender Policy Framework (SPF) to validate this. In-order to send emails using ZeptoMail, you need to verify your domains using SPF.
The general SMTP (Simple Mail Transfer Protocol) method of sending email by itself does not have any sender domain validation methods. So it becomes essential to have SPF to validate the authenticity of the email sender.
Configure SPF records for ZeptoMail
When you send an email using ZeptoMail, the recipient email server looks up the domain name from the mail-from address. It then checks with the DNS whether the email sending IP is authorized to send messages from that mail-from domain. If this is true, then the email clears the SPF validation and is placed in the recipient's inbox. You can learn to configure SPF for your domains added to ZeptoMail in the domain verification section.
You can publish the SPF records for ZeptoMail in your DNS as a TXT record. The TXT record will vary slightly based on the type of domain you use, as given below:
| TXT host/ name | TXT Value | |
| Main domain (E.g., zylker.com) | @/ blank | v=spf1 include:zeptomail.net ~all |
| Sub domain (E.g., invoice.zylker.com) | Sub-domain name* (E.g., invoice) |
* - You need to add either the complete domain (subdomain.domain.com) or just subdomain name here. This depends on your DNS provider.
Note:
If you have previously configured SPF TXT record for your day say "v=spf1 include:zoho.com ~all", then you should not create a new SPF TXT record for ZeptoMail in your DNS. If the new ZeptoMail SPF TXT value to be added is "v=spf1 include:zeptomail.net ~all", then modify your existing DNS SPF TXT value to "v=spf1 include:zeptomail.net include:zoho.com ~all".
DKIM
Your transactional email messages can get altered during transit. DKIM (DomainKeys Identified Mail) is a method that will protect your email messages from getting altered in transit. For every domain added to ZeptoMail, we will generate a public and a private key. Public key is stored in the DNS. Using the domain private key, ZeptoMail will generate a signature for the email content and add it to the email header. When an email recipient server receives an email from a particular domain, it checks with the DNS for domain authenticity and pulls the respective public key. The recipient mail server will then use the public key to generate a signature and compare it with the signature value, in the email header, that was generated using the private key. This is how the DNS uses the public key to verify the signature.
You will receive your SPF, DKIM and CNAME records while verifying your domain in ZeptoMail as shown below:
Visit the domain verification section to learn how to set up DKIM for your domains.
Note:
- We are rolling out the ZeptoMail UI changes in a phased manner. Currently the changes are available for the US region. It will be available in other regions shortly.
- Before you get started it is important to know that ZeptoMail is for sending transactional emails like welcome emailers, password resets emails, OTPs. We do not support sending of bulk emails or promotional emails like newsletters or marketing campaign emails. If you are looking for a bulk email provider, check out Zoho Campaigns.