First steps to authenticate your email

Get your email service set up and ready for 99.9% delivery rate! Take a few easy steps to authenticate your email server.

Whenever you are setting up a new domain with new hosting, you will get to the point where you need to start sending email. In 2019, this has become a major issue – spammers have forced mail operators to ramp up email authentication. So you might ask yourself “how do I deliver emails into inbox instead of SPAM folder”?

Email authentication plays a major role in making sure your email gets delivered. To start getting your email delivered you need to setup several DNS records:

  1. – MX (Mail Exchange)
  2. – SPF (Sender Policy Framework)
  3. – DKIM (DomainKeys Identified Mail)


1) MX records

MX records are responsible for email delivered into your inbox. They are usually added automatically to your domain by your domain registrar or hosting.

You can check your MX records by using this tool provided by Google:


or this one by MxToolbox:


Once you set your MX records up, you will start receiving emails.

Test by sending an email from a known working email address to the newly-configured domain.


2) SPF(Sender Policy Framework)

This is a record that will allow you to send authenticated email from your server.

It is a record that you, as a domain administrator, publish for email receiver to check if IP address that sent them an email matches what is published in DNS records of your domain.

Your SPF record will look something like this:

1 TXT "v=spf1 ~all”


If you need to setup SPF record use this tool Sparkpost has created for generating SPF record for your domain:


Some other tools:



DKIM record is a sort of digital signature that each email coming out of your server gets signed with. It is added to headers (what is an email header?) of each of your email.

Once the receiver of the email gets and email from you they will compare the signature in your email headers with the one that exists in your DNS records of your domain.

You can have multiple DKIM records for different email services you use.

For example you can have one for GSuite for your business email and another one that covers emails being sent by your WordPress site (like Sparkpost, SendGrid, Mailgun, etc).

A typical record will look something like this:

xxxx._domainkey v=DKIM1; k=rsa; h=sha256; p=11111111111111111111111111111111111111111111111111111111


You usually get DKIM record from your email provider. If you need to test it you can use some of these tools:


How do I test all of my new DNS records?

Once you have setup your SPF, DKIM, MX records, you will need to test all of them.

To do the final test of email delivery I recommend using

When you visit them, you will be presented with a page and an email address they want you to use to email them.

Copy that email address and send them an email from the service you are trying to test. So if it’s a GSuite gmail that you are testing, send them an email from your gmail account.

If it is your server email service, create a ticket or an account with their email so your server sends them your email.

Then you click through onto next page of, you will receive result of your test.

I highly recommend doing this. It will give you the best explanation of what is wrong with the email that you have sent.

That’s about it.


NOTE: There are other records that you can setup like PTR, SOA records, but I have not ever used them in any of my projects and have never seen an email rejection because of PTR or SOA.

After you have setup SPF, DKIM and MX records your best improvement in your delivery will be done in the actual content of the email.

Later I will write a post about how some content is being perceived as spam by some of the email spam filters.

Leave a Reply