ProtonMail SPF and DKIM Configuration| EasyDMARC

ProtonMail SPF and DKIM Configuration: Step by Step

3 Min Read
ProtonMail SPF and DKIM Configuration: Step-by-Step featured image

This instructional article will demonstrate the ProtonMail configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure ProtonMail passes the DMARC alignment check and eliminate spam from your domain and increase security.

The SPF record identifies the mail servers and domains that are allowed to send email on behalf of your domain. The DKIM record, on the other hand, is a specially formatted DNS TXT record that stores the public key the receiving mail server will use to verify a message’s signature. These email authentication methods will be used to prove to ISPs and mail services that senders are truly authorized to send email from a particular domain and, are a way of verifying your email sending server is sending emails through your domain.

The process of setting up the SPF Record

To ensure the emails from ProtonMail are sent on behalf of your domain, you need to create or update your existing SPF record by including the following mechanism:

You can easily do this by using our SPF Generator Tool and following the steps below:

  1. Navigate to SPF Record Generator
  2. Add in the include:__ section.
  3. Choose the Policy (The options are: Fail (Not Compliant will be rejected), SoftFail (Not Compliant will be accepted but marked) and Neutral (Mails will be probably accepted)).
  4. When you have made followed the steps, click on the “Generate”
  1. Copy the provided ProtonMail SPF record and navigate to your DNS provider (CloudFlare, Godaddy, etc.) and create a TXT Record. We’ll be using CloudFlare for this example.

6. Click on “Save” 7. Wait up to 72 hours to allow your DNS to process the changes

Important Note: Each domain must have only one SPF TXT Record. If you have multiple SPF Records, SPF will return a PermError

If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
E.g v=spf1 ip4: ~all 

The process of setting up the DKIM Record

Now, you need to create DKIM records by following the steps below:

  1. Login to your ProtonMail email account
  2. For the domain you want to add a DKIM, head to ProtonMailSettings → Go to settings→ Organization → Domain names → Actions column → Review
  1. Select the DKIM tab
  1. Add three host names and values to your domain’s DNS settings as mentioned

Important Note: Once ProtonMail detects these records in your DNS, the SPF and DKIM tabs will show a green tick icon.

Congratulations, you now successfully authenticated your outgoing mail stream from ProtonMail with SPF and DKIM.

Various authors from EasyDMARC teams have contributed to our blog during company's lifetime. This author brings everyone together.


Inline Feedbacks
View all comments

succees We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.

succees You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us