This instructional article will demonstrate the ProtonMail configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure ProtonMail passes the DMARC alignment check and eliminate spam from your domain and increase security.
The SPF record identifies the mail servers and domains that are allowed to send email on behalf of your domain. The DKIM record, on the other hand, is a specially formatted DNS TXT record that stores the public key the receiving mail server will use to verify a message’s signature. These email authentication methods will be used to prove to ISPs and mail services that senders are truly authorized to send email from a particular domain and, are a way of verifying your email sending server is sending emails through your domain.
The process of setting up the SPF Record
To ensure the emails from ProtonMail are sent on behalf of your domain, you need to create or update your existing SPF record by including the following mechanism: include:_spf.protonmail.ch
You can easily do this by using our SPF Generator Tool and following the steps below:
- Navigate to SPF Record Generator
- Add include:_spf.protonmail.ch in the include:__ section.
- Choose the Policy (The options are: Fail (Not Compliant will be rejected), SoftFail (Not Compliant will be accepted but marked) and Neutral (Mails will be probably accepted)).
- When you have made followed the steps, click on the “Generate”
- Copy the provided ProtonMail SPF record and navigate to your DNS provider (CloudFlare, Godaddy, etc.) and create a TXT Record. We’ll be using CloudFlare for this example.
6. Click on “Save” 7. Wait up to 72 hours to allow your DNS to process the changes
Important Note: Each domain must have only one SPF TXT Record. If you have multiple SPF Records, SPF will return a PermError.
If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
E.g v=spf1 ip4:220.127.116.11 include:_spf.protonmail.ch include:thirdpartyservice.com ~all
The process of setting up the DKIM Record
Now, you need to create DKIM records by following the steps below:
- Login to your ProtonMail email account
- For the domain you want to add a DKIM, head to ProtonMailSettings → Go to settings→ Organization → Domain names → Actions column → Review
- Select the DKIM tab
- Add three host names and values to your domain’s DNS settings as mentioned
Important Note: Once ProtonMail detects these records in your DNS, the SPF and DKIM tabs will show a green tick icon.
Congratulations, you now successfully authenticated your outgoing mail stream from ProtonMail with SPF and DKIM.