How to Achieve Mailjet DMARC Alignment with SPF & DKIM?

March 09, 2024

Mailjet DMARC Alignment, DKIM, SPF and Domain Authentication

Authenticating and securing email communication is crucial for businesses to prevent spoofing and improve deliverability. There are two commonly used methods to authenticate emails - SPF (Sender Policy Framework) and DKIM (DomainKey Identified Mail). You can get the SPF/DKIM values from the email service provider and add them to the domain hosting server to authenticate your webmail.  

Various email delivery services provide SPF & DKIM authentication for your domains. In this article, we’ll dive deep into SPF/DKIM authentication using Mailjet (an email service provider) and Cloudflare (a DNS management server). 

NOTE: Open your Cloudflare and Mailjet accounts side by side on two different tabs for a smooth process. Moreover, follow the given steps in chronological order.

Mailjet Domain Authentication Process:

Before adding SPF and DKIM authentication to your webmail, you need to validate/authenticate it first. 

  1. On your Mailjet account home screen, click Quick Setup and select Domain authentication from the drop-down menu. 

    Domain Authentication

  2. While you are in the “Domain and sender Addresses” tab, click on Add Domain.

    Add Domain

  3. Now add the web domain under the “Domain”, the website name under “Label” and hit the “Add” button.

    Add Domain

  4. Next, you’ll see two options side by side on your screen. We’ll proceed with Option 2: Create a DNS Record in the right column.

  5. In this column, copy the text written in the “Host” and “Value” fields.

  6. Now go to your Cloudflare dashboard in the second tab, click on Website in the left panel and select your particular website. 

    Click on your Website

  7. Click on Overview > DNS > Records > Add Record. 

    Click on Add record to validate your website

  8. Select TXT in the “Type” field, paste host text in the “Name” field and value text in the “IPv4 Address” field (copied from Mailjet) & click Save.

    Save the new domain records

  9. Afterwards, open Mailjet and click “Validate my domain” under the Create a DNS record field. You’ll see a confirmation message “Your domain has now validated.” 

    Domain Validation

Mailjet SPF & DKIM Authentication Process:

Once the domain has been validated, we move toward the DKIM and SPF authentication process.

  1. Click the “Authenticate this domain (SPF/DKIM)” button under the confirmation message.

    SPF/DKIM Authentication
  2. One by one, copy both records’ values (SPF & DKIM) and paste them into Cloudflare to add two new TXT records. (follow step #8 of the domain validation process).

  3. After adding both TXT records in Cloudflare, open Mailjet and click the Refresh option under SPF/DKIM set-up.

    Click Refresh button to apply SPF and DKIM authentication

Mailjet DMARC Alignment:

  1. Mailjet DMARC gives `p=none` value which is just a placeholder. Use DMARC Check Tool which analyzes data behind DMARC reports and allow you to act on it to deploy strict policy. Only a strict DMARC policy provides better deliverability and protection from email spoofing.

  2. Open the DMARC tool, write your domain name here, and click Check.

    Add domain name and click Check

  3. Take suggested DMARC value to replace the one in `_dmarc` TXT record value.

  4. Get access to your DMARC Analytics and follow further steps there to achieve alignment

That’s it! You have successfully set up DMARC, DKIM and SPF authentication. You’ll see green bars with “looks good” text on them, meaning the authentication has been successful. 

SPF DKIM authentication confirmation

You can also look up your domain and DKIM/SPF status by going to the Account > Domains and Senders tab.

See your domain status under “Domain and Senders Address” and DKIM/SPF status under “SPF/DKIM Authentication.” 

If you don't see your domain authentication activated after the Refresh, wait up to 24 hours as Mailjet may take some time to process it. However, if it's not authenticated after 24 hours, contact your domain hosting provider for further assistance.