SPF & DomainKey Authentication DNS Setup for CritSend

Why is DKIM and SPF important?

"Via and On Behalf of"

Gmail, Hotmail, and other email providers want to make sure their users know exactly where their emails come from. Since you can put virtually any email in the from field, email providers want to prevent scams from people pretending to be Paypal, Banks, etc. by putting a bank, Paypal, etc. email address into the from field. To make sure their users know that the email came from the proper domain, email proviers will add a "Via" or "On Behalf of" tag when the from field doesn't match the domain it came from. It looks like this:

Since Critsend is a third party in your email's transmission, your emails will appear to be from Critsend servers and not your own. Google, Hotmail, and other providers will add the "Via" or "On Behalf Of" tags to the displayed email to inform users that the email came through Critsend.

However, this can be removed by whitelisting your domain.

There are two systems that are used by email providers to allow for emails to be "signed" or "whitelisted" to go through third parties like Critsend. They are DKIM (Domain Key Identified Mail) and SPF (Sender Policy Framework). Both of these are setup as DNS TXT records and are basically flags to Gmail, Hotmail, Yahoo, etc. that you are allowing Critsend to send mails on your behalf.

Setup DKIM and SPF

There are 2 steps to enabling full domain personalization:
Step 1: Add our SPF & DomainKey entries to your DNS.
Step 2: Tell CritSend Mail Settings what domain(s) you have added.

Step 1: Adding CritSend SPF & DomainKey entries to your DNS

DKIM and SPF are stored as DNS records. DNS records can be added in by giong to your domain providers (GoDaddy, Network Solutions, etc.) and finding the DNS record settings page. You will need to add two TXT records, one for SPF and one for DKIM.
If you are using CPanel or a Zone editor click here

1. To add the SPF Entry:

Add the following TXT entry to your domain at this address:
Address or Name = example.com

Sometimes your DNS will automatically add your domain to this field you you may have to leave off "example.com" depending on your DNS software.

v=spf1 mx include:messaging-master.com ~all

If you already have an existing SPF entry in your DNS, add this to your existing TXT entry instead:

include:messaging-master.com

Great. Now you are ready to add the DomainKeys entry. Your DNS will take a few hours to update, depending on the TTL of your domain records.

2. To add the DomainKeys Entry:

Add a CNAME record with the following Name and Value:

Address or Name: critsend2._domainkey.example.com

Sometimes your DNS will automatically add your domain to this field you you may have to leave off "example.com" depending on your DNS software.

Value:

dkim.critsend.com

If your DNS client doesn't support CNAME's with underscores, please follow these instructions instead:

Add a TXT record located at:

- Address or Name: critsend2._domainkey.example.com

With the values:

- Value:

"k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvEpIr9ILg7iXsdMlMst5sCK+MDc4GQDaZDmgLLHHVNn952Jh4zmB1Qp+fBSUzVfcU/qW4hicOMJKRe0bo8nIB/Gvh3CtJuyAFizXCUjDtn2V4t5rg2OEpVkEXHkwUoW43Z5753Q62flW2wb3zuEqoO5fWLUt4rcIqatE+O8zmSwIDAQAB"

Step 2: Tell CritSend Mail Settings what domains you have added.

1. Log into myaccount.critsend.com and Go to your Mail Settings tab:

2. Enter your "Signed-by Domain"

This is the domain you have just added your DNS entries to. So for example if you added a DNS record to your_domain.com then you would put in your_domain.com in this field. The Signed-by domain is used by DKIM as a reference to what domain to check for a DKIM record.

Example: yourdomain.com

Caution: Hotmail's DKIM verifying procedure needs the "From" address' domain to be the same as the DKIM signing domain. So, if your signing domain is "yourdomain.com", your "From" address should be something like "example@yourdomain.com".

3. Enter ONE "On Behalf of Address" per domain

In the "On Behalf Of Address" field, enter a default email address for the domain(s) for which you have just updated your DNS. This is NOT the same as your Mail-From: or From: address and does not affect your Mail-From: or From: address, it is for SPF authentication purposes only. This is just used as a refernce for mail providers to check the SPF TXT records in domain listed in the On Behalf Of address. In the example below it will check yourdomain.com for an SPF TXT record.

Example: noreply@yourdomain.com Example for multiple domains: (if you have modified your DNS for yourdomain.com and your-other-domain.com) whatever@yourdomain.com,support@your-other-domain.com.

Congratulations, you have now achieved full domain personalization.

Test your domain here . (Wait 4 hours for DNS propagation though)

SPF & DKIM