Sparkpost DMARC, DKIM, SPF DNS Verification - Sending Domain & Bounce Domain Records

May 07, 2024

How to Setup Sparkpost DMARC, DKIM, SPF and Bounce Domain Records?

Sparkpost gives you the DKIM Sending record, CNAME tracking domain, and bounce domain record to authenticate your email domain. You can configure this domain name setup in the Domains tab of your Sparkpost account.

This guide post will walk you through the step-by-step process of setting up TXT and CNAME DNS records to your DNS provider. For this guide, we will be using Cloudflare as our DNS provider but you can add these records to any DNS provider you use.

Verifying Sending Domain in Sparkpost:

  1. On the Sparkpost dashboard, click "Configuration" in the top menu bar.

    Click the Configuration option

  2. Click the "Add Sending Domain" button in the Domains tab.

    Click Add Sending Domain

  3. On the next page, scroll down, write your sending domain name, and click "Save and Continue."

    Add sending domain for verification

  4. On the pop-up window, select NO under "Verify domain for bounce for strict alignment" and click Save and Continue.

    Select Relaxed alignment and click Verify

    Strict alignment means the sending domain and bounce domain are the same. If you select this option, you will not be able to receive emails on your root domain, as the emails will be going to SparkPost. Relaxed alignment means sending and bounce domains are different. If you choose this option, the emails will go to your domain instead of Sparkost.

  5. It will redirect you to the page with the DKIM record.

  6. Login to your DNS provider (Cloudflare for this instance) and click on your Website.

    Open your Website in DNS provider

  7. Click DNS in the left navigation menu and go to Records.

  8. Click Add Record to setup a new DNS record to the dashboard.

    Open DNS dashboard in DNS provider

  9. Copy the DKIM record name and value, and add it to the DNS dashboard.

  10. Select type TXT and click Save.

    Add DKIM record to the DNS provider

  11. Go back to the Sparkpost page, check the box for "record has been added" and click Verify Domain.

    Click Verify Domain

Verifying Sparkpost Bounce Domain:

  1. In the Domains tab, select the Bounce Domain section.

  2. At the bottom of the page, click Add Bounce Domain.

    Click Add Bounce Domain

  3. On the next page, scroll down to write a subdomain instead of your root domain, and click Save and Continue.

    Add the Bounce Domain

    NOTE: Using a root domain as a bounce domain means you will not be able to receive any mail there, as all messages will be sent to SparkPost. Therefore, we use a subdomain by adding "bounce." before the root domain.

  4. Next, you'll see a CNAME record. Add the record name and value to your DNS provider.

    Add the CNAME Bounce Domain Record to the DNS provider
  5. Select type CNAME and turn off the proxy to prevent the traffic from diverting to the Cloudflare server instead of the email server.

  6. Click Save to add the record.

    Add record name and value

  7. Return to the DNS page on Sparkpost and click Verify Domain.

Verifying Sparkpost Tracking Domain:

  1. Go back to the Domains tab and go to the Tracking Domains section.

  2. Click Add a Tracking Domain, at the bottom of the page.

    Click Add Tracking Domain
  3. On the next page, scroll down to write the subdomain name and click Save and Continue.

    Add the tracking domain

    NOTE: When adding a CNAME record to the DNS dashboard, ensure there is no other CNAME record with that domain name. The DNS provider will not add two CNAME records with a similar domain name. Therefore, we use a subdomain for adding tracking records i.e., track.rootdomain.com.

  4. It will redirect you to the page with the CNAME tracking record.

    Add the tracking record to the DNS provider

  5. Add this record to your DNS provider.

  6. Come back to the Sparkpost DNS page and click Verify Domain.

If all records were added successfully, you should see the grey highlighted text next to each domain.

Domains Verified Successfully

If you don't see the verification confirmation, wait for 24-48 hours for the server to propagate changes.

If the records are not authenticated after 48 hours, it points to a potential misconfiguration in your DNS records. You can hire a DmarcDkim.com expert to figure out where the issue lies.

Generate Sparkpost DMARC Value:

Sparkpost doesn't provide a DMARC record but it's important to add when you want to prove that your emails are coming from a legit source. With DMARC, you can specify what happens to the emails that fail to pass the authentication check.

DmarcDkim.com helps you generate a hassle-free DMARC value within a few clicks. Just add your domain name and the tool detects any existing DMARC value and gives you a suggested value.

  1. Open the DMARC Check Tool, write your domain name, and click Check.

    Check domain for suggested DMARC value

  2. Copy the record name and suggested value and add them to your DNS Provider.

    Add the DMARC record to DNS provider