Email Authentication – SPF and Domain Keys Follow


Help your emails reach the inbox

Email authentication is used to increase the deliverability and security of email messages that you send through our system.

The truth is short and sweet. You’re going to get better delivery rates and in turn, higher engagement, higher client retention and more sales. Email providers heavily rely on authentication to fight spam and prevent phishing, but also more generally as a way to determine whether or not an email will show up in the inbox instead of the spam folder.


Many email providers use authentication to track sender reputation. Without it, the chances of your emails being filtered or rejected are much higher.

Setting up SPF and Domain Keys will improve your email deliverability and your overall email campaign effectiveness.

Improve your brand image

Without SPF and Domain Keys to sign your emails, your emails will show that the email will have come from the ‘from’ address you specified, via [your ESP].

This can help improve the way your emails are perceived by customers using Gmail and other providers.

Protect your brand and domain

Email Authentication is just like placing a padlock on all emails you send through the system and stopping anyone else from using your domain without permission. Without the key, they can’t open the lock. Ultimately this maintains your reputation as a sender.

How it works

Email authentication works by configuring your domain to specify which services and providers can send email on your behalf.  It is all based off the ‘from address’ of your emails from each of your email service providers. The mail servers that receive your emails will check for valid SPF and Domain Keys based on your DNS records and then accept or reject the email.

We recommend configuring Domain Keys and SPF with all of your email providers, such as your ISP, Gmail or Outlook. Emails which fail an SPF or Domain Keys check at the receiving mail server, are most likely going to end up being rejected or sent to the spam / junk mail folder. Adding both SPF and Domain Keys will help maximise your delivery and improve results in your email marketing.

How do I set this up?

We recommend adding in the domains you plan on using for your 'from address' and click the 'send setup instructions' button to email this to your systems administrator.

Enter in the domain name you wish to grant us permission to send from, on your behalf into the box and click ‘add domain’.

You can access the deliverability settings in your account to set this up.

Once you have added your domains you will see the setup instructions for each domain.  This is the important stuff.  If you’re familiar with this kind of procedure or working with DNS records, it may look familiar to you.

If you would like to set this up yourself, the following information is for you :


Instructions for setting up SPF and Domain Keys

SPF Record Setup

To configure SPF you will need to add or modify a TXT record for your domain.

  1. If you don’t already have an SPF record,
    Add the following TXT record to your DNS:

  2. If you already have an SPF record, please modify the existing record and add the following text: 

About SPF Records

SPF and Domain Keys must be configured for each email provider - for example Outlook or Gmail. If you have existing SPF records the instructions in your account will contain the complete SPF record including any others you have previously configured.

For Outlook and Gmail users you can refer to the documentation on configuring the additional SPF “include” records you will need:  Outlook  |  Gmail

By default we set the policy (the ‘all’ part) to be ?all (neutral) which will continue to allow all emails to be delivered. After verifying your SPF configuration is correct this can be changed to ~all (soft-fail), which will typically mark fake messages as spam.

You must only have one SPF record for your domain. Adding multiple records may cause deliverability issues. Additionally, SPF Records must use the “TXT” record type, not the “SPF” record type as it has been deprecated according to the SPF standards.

Domain Keys (DKIM) Setup

Just like an SPF record, Domain Keys need to be configured on a ‘per provider’ basis.  Unlike SPF, however, you’re able to simply add a new record without needing to modify any existing Domain Keys.

To do this, create a CNAME record in your DNS at :

With the value :

Please note that some DNS providers require a . after the hostname value in CNAME records, such as:

Cannot use CNAME with Domain Keys?

Some DNS providers do no support the use of Domain Keys in a CNAME record.  In cases like this a TXT record can be used instead along with this public key : 

v6dk1._domainkey TXT k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJy0job/JDftWiFCvJlYEwcFJ2n6865ZdJJy+ooyvwL1VtfUDo4xUmwVNga1wvinb8613HQ7vRSpiBt7YyzTHU9IqROdPrP1hjJrTrn2aKUlgWU2WB/OWb+9o6mpeIBghpJQgTC43jeIFnObSoHFHgS5wtxBxmX2M1GXKfRUGRywIDAQAB\;

About Domain Validation

So that we can confirm that you have ownership of the domain we use a unique TXT record to check that you have control over the DNS settings for your domain.

Once a domain is validated, we will start signing your emails with Domain Keys and the validation DNS record can be safely removed.

Because the validation record is specific to your account, please enter your domain in the deliverability settings page to obtain the correct DNS record.


"Check DNS setup" to refresh settings

When you've finished setting up your deliverabillity settings, go into your deliverability settings (account -> deliverabillity) in your Vision6 account and click on "Check DNS setup" to refresh your settings. Sometimes it doesn't refresh automatically to update your details, and more often than not a simple refresh will authenticate your settings and set it up correctly.


Instructions for specific DNS providers

Here are some links to some common domain providers and the information they provide on adding TXT records for SPF. If you can't find your hosting provider here (there are hundreds!) We’d recommend getting in contact with them directly or having a dig through their support documentation.


Have more questions? Submit a request