Configuring SPF and DKIM Records for Mailgun DMARC - Domain Authentication

To launch a successful email campaign, your sender domain has to be authenticated. The mailbox providers like Google, Yahoo, and Outlook require verification that the emails are coming from a legitimate source and haven't been forged along the way.

DNS records - DKIM, SPF, and DMARC - are the common ways to verify your emails. These records can be generated from a trustworthy email delivery platform like Mailgun.

If you see the error "This website is pending domain owner verification," this article is for you. This guide post is dedicated to guiding you through the DNS verification process and authenticating your domain.

Configure Mailgun DNS Records:

1. Sign in to your Mailgun account with the email you want to authenticate.

2. On the dashboard, click Settings, go to the Domain tab., and hit the Add Domain button.

   

3. Write down your domain name, select the region, and click Add Domain.

   

4. Now click the domain name you added.

5. On the next page, you'll see Sending (TXT), Receiving (MX), and Tracking (CNAME) DNS records.

Add Mailgun Sending (TXT) Records:

1. Login to your DNS provider in a different browser tab (we are using Cloudflare for this guide but you can add records to any DNS provider you use).

2. In the Home tab, click your Website.

   

3. Click DNS, select Records, and hit the Add Record button to add new records.

   

4. Copy the Sending DKIM and SPF record name and value, and add them to the dedicated field in the DNS provider.

   

What to do if SPF already exists in the DNS Provider?

If there is an existing SPF record in your DNS provider, you can use the SPF Merge Tool to combine multiple SPF records into one.

1. Open the SPF Merge Tool and write down the domain name

2. Add the Mailgun SPF record and click Submit.

3. The tool generates a merged value, combining both - existing SPF and Mailgun SPF into one.

   

4. Add this merged value and record name to the DNS provider.

   

Add Mailgun Receiving (MX) Record:

If your domain has MX records from any other email service, don't add Mailgun MX records. Because you can have only one receiving server for a domain. Having multiple receiving servers can cause conflicts. Learn more about adding MX records.

If you haven't added any MX records to your DNS, then add the Mailgun MX records following the steps below:

1. Copy the MX record name and paste it into the Name field in the DNS dashboard.

2. Then copy the MX record value and add it to the Target field in the DNS provider.

3. Select the record type "MX" from the drop-down menu.

4. Set priority value "10."

5. Click Save to add the receiving record.

   

6. Follow the same steps for the second MX record.

Add Mailgun Tracking (CNAME) Records:

1. Copy the record name and add it to the Name field.

2. Copy the record value and add it to the Target field.

3. Select record type "CNAME."

4. Click Save to add the record.

   

Add Mailgun DMARC (TXT) Record:

Mailgun doesn't provide the DMARC value but adding DMARC is crucial for email communication security. Therefore, we recommend using a DMARC Check Tool to generate an effective custom DMARC value.

This value provides initial monitoring and allows you to implement a strict DMARC policy over time. Moreover, it has proper instructions to leverage data from the DMARC report.

1. Open the DMARC Check Tool, write your domain name, and click Check.

   

2. The tool gives you a suggested value. Add this record name and value to your DNS provider.

   

Verify Mailgun DNS Records:

1. Once all records are added, return to the Mailgun DNS records page and click "Verify DNS Settings."

   

2. If records were added successfully, you should see green checkmarks next to your domain which means the sender domain is authenticated.

   

If your domain didn't get DNS records verified right after adding them, wait up to 48 hours and check again. If there is no success, then it means there is some misconfiguration in your DNS records. To diagnose and fix the issue, hire a DmarcDkim.com expert or contact Mailgun support service.