Proper email authentication helps improve deliverability and is required when sending transactional email through third-party services. Below are example DNS records and steps to configure your sending domain.
Add or update your domain's SPF TXT record. Example if MyCSA or MailerSend are allowed senders:
v=spf1 include:spf.mycsa.pw include:spf.mailersend.net -all
Replace includes with the values recommended by your email provider. Use -all for strict enforcement once verified.
DKIM requires generating a key pair and publishing the public key in DNS. Your sending provider (or MyCSA when configured) will provide the selector and the TXT value. Example record:
selector1._domainkey.example.com TXT "v=DKIM1; k=rsa; p=PUBLIC_KEY_HERE"
Make sure the selector in your DNS matches the selector configured in your sending service.
A recommended DMARC record to start with monitoring only:
_dmarc.example.com TXT "v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1"
When you're confident SPF/DKIM are correctly configured, change p=none to p=quarantine or p=reject to enforce policy.
After publishing DNS records, use tools like MXToolbox, dmarcian, or your provider's verification tools to validate the records.
Contact support at [email protected] or contact your MyCSA account manager for assistance with DNS records and authentication.