How do I authenticate my From email address?

The From address is key to the success of your email campaigns. It influences recipients to open the email as much as the subject line. Recipients often see the From address before seeing the Subject line. 

Your email From address should be easily recognized and consistent. If the recipient does not recognize the From address, they are likely to unsubscribe or flag the email as spam.

In addition, an authenticated domain gives email providers assurance that messages using your email address are trustworthy and originate from senders approved by you. 

We strongly advise that you authenticate your From email addresses/domain, using the instructions in this article. Authentication maximizes the deliverability of your emails to recipients' email inboxes. 


Gmail and Yahoo require that email marketers authenticate their DNS with SPF, DKIM and DMARC. This is to reduce the amount of spam email relayed through their systems. If authentication is not in place, they will not deliver the email. Implement the configuration in this article to ensure that your emails get delivered.

Zift has a fallback process in place to handle non-authenticated domains. If your domain does not have proper SPF, DKIM and DMARC in place, your sender email address will be sent from For example: will send from

This will ensure that your email will not be rejected due to domain authentication, but it may result in emails being flagged as spam due to an unexpected domain (

If you are not directly responsible for DNS configuration, provide these instructions to your IT team for review and implementation.

What are SPF, DKIM, and DMARC?

SPF, DKIM, and DMARC are email authentication methods. Your DNS record provides information abut who you are on the internet. You can add authentication to the record to improve the security of your emails. Each authentication method works in a slightly different way:

  • SPF (Sender Policy Framework) - a method that prevents your email from being used without your permission. When you authenticate via SPF, you are providing permission for a sender to use your email domain on your behalf.
  • DKIM (DomainKeys Identified Mail) - adds a digital signature that confirms that your email has not been altered during transit and comes from an authorized sender.
  • DMARC (Domain-based Message Authentication Reporting and Conformance) - requires that you have SPF and DKIM in place, and allows you to instruct servers how to handle messages from your organization that don’t pass SPF or DKIM.

DNS Propagation Check

The next sections contain the instructions for you to configure your DNS with authentication. Once you've completed them, you can use the DNS Propagation Checker website to verify that your configuration has propagated around the world:

You will be ready to send emails when you see the entries from your recent update appearing on the site. If your configuration is unsuccessful, reach out to your DNS provider to check your entry syntax as it is unique to your provider's requirements. 

Note: Your individual propagation timeline is directly related to the TTL on your DNS configuration and the accuracy of your entries. It can take up to 24 hours for authentication status to update to mail servers globally.

SPF Authentication

You can use SPF to authenticate the From domain you will be using to send your emails.

  • You can use a tool such as to create an SPF record. If you already have SPF in place for other servers (for example Outlook), you will update your existing SPF record.
  • Add this phrase to your SPF record:

    For example, if your existing record looks like this:

    v=spf1 ip4: -all

    Add the include so it looks like this:

    v=spf1 ip4: -all

To confirm that SPF authentication has been successful, check your domain on a site such as Your SPF details should report that is present.

DKIM Authentication

Add a CNAME record to the DNS for DKIM authentication.

We provide two methods, please use ONE of them. Replace any references to insertyourdomainhere with your company email domain.

  • Method A

    CNAME HOST: dkim._domainkey.insertyourdomainhere Value:

  • Method B

    CNAME HOST: dkim._domainkey.insertyourdomainhere Value:

To confirm that DKIM authentication has been successful, check your domain on a site such as The result should include the following data:

Public key length: 1024

Note that it can take up to 24 hours for authentication status to update.

DMARC Authentication

Create your DMARC policy on your DNS record. If you need assistance, a site such as can help with policy design.

This is the minimum DMARC policy required. Replace any references to insertyourdomainhere with your company email domain:

_dmarc.{insertyourdomainhere}.com                TXT                  "v=DMARC1; p=none;"

To confirm that your DMARC policy is in place, check your domain on a site such as


Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.