FreshMail DKIM & SPF Setup — A Complete Guide
If you send email marketing campaigns using FreshMail, you already know how powerful and flexible the platform is. However, to ensure your emails actually reach the inbox and don’t get blocked, flagged as spam, or rejected outright, you need to authenticate your domain properly. That’s where SPF and DKIM come in — two critical email authentication protocols that work together with DMARC to protect your reputation and improve deliverability.
In this comprehensive guide, we’ll walk you through everything you need to know about setting up DKIM and SPF with FreshMail — step by step, clearly explained, and written from the perspective of a team that lives and breathes email authentication: DMARCReport.
Why DKIM & SPF Matter — The Foundation of Email Trust
Before we dive into the steps, let’s take a moment to understand why SPF and DKIM are so important.
📌 What SPF Does
SPF (Sender Policy Framework) allows domain owners to specify which mail servers are permitted to send email on behalf of that domain. When receiving mail servers check SPF, they compare the sending server’s IP against the authorized list in your DNS.
- If the server is authorized, the check passes.
- If it isn’t, the check fails, and the email is more likely to be treated as spam.
SPF strengthens your email domain’s reputation and prevents unauthorized use — such as spoofing or phishing.
📌 What DKIM Does
DKIM (DomainKeys Identified Mail) applies a cryptographic signature to each outgoing message. This signature is published as a public key in DNS, and receiving servers use it to verify the message wasn’t tampered with after it was sent.
This ensures:
- The message really came from you.
- The content hasn’t been altered.
- Spam filters see your mail as more trustworthy.
Both SPF and DKIM don’t just help email get delivered; they lay the groundwork for DMARC. DMARC then tells receivers what to do when SPF or DKIM checks fail.
Step-by-Step: Setting Up DKIM for Your FreshMail Domain
🔹 Step 1 — Log In to Your FreshMail Account
Begin by signing in to your FreshMail dashboard with your admin credentials. This gives you access to all necessary domain verification and settings.
🔹 Step 2 — Access Your Settings Panel
Once logged in:
- Click your profile icon in the top right corner.
- Select Settings from the dropdown.
This takes you to your account and domain configuration options where authentication features are located.
🔹 Step 3 — Open the DKIM Verification Section
Inside settings:
- Look for the “DKIM Verification” option in the menu (usually on the left side).
- Click it to open the DKIM setup interface.
🔹 Step 4 — Authenticate a New Domain
In the DKIM settings:
- Select Authenticate new domain.
- Enter the domain you want FreshMail to send emails from.
For example:
newsletter.yourdomain.com
Once entered, click Add.
🔹 Step 5 — Fetch Your DKIM CNAME Record
After adding the domain, FreshMail generates a CNAME record — a DNS entry you’ll publish at your domain’s DNS host.
You’ll see:
- A Hostname (Name) value
- A Target (Value) value
Copy both exactly as they appear.
💡 This DKIM CNAME record is how Mail Transfer Agents (MTAs) verify your public key when processing messages from your FreshMail campaigns.
🔹 Step 6 — Add the DKIM Record to DNS
Now log in to your DNS provider (for example, Cloudflare, GoDaddy, Namecheap, AWS Route 53, etc.) and:
- Go to your domain’s DNS settings.
- Click Add a record.
- Choose the record Type: CNAME.
- Paste the Hostname and Value exactly.
- Save the record.
👉 If using Cloudflare — make sure the proxy status (orange cloud) is turned off (grey cloud) — proxies interfere with DKIM validation.
Once published, DNS propagation can take up to 24 hours. After propagation, FreshMail will show your domain as verified in the DKIM status.
Step-by-Step: Setting Up SPF for FreshMail
Unlike DKIM, SPF setup doesn’t require a generated CNAME. Instead, you update your domain’s SPF TXT record to authorize FreshMail servers to send on your behalf.
🔹 Step 1 — Understand FreshMail’s SPF Mechanism
According to FreshMail guidance, the SPF mechanism you should include is:
include:_spf.freshmail.pl
This tells receiving servers to include FreshMail’s sending servers when checking SPF for your domain.
🔹 Step 2 — Locate Your SPF Record in DNS
Check yourDNS for an existing SPF record — it looks like a TXT record starting with:
v=spf1
If you already have one, do not create another. Only one SPF record is allowed per domain. Instead, update it — more on that below.
🔹 Step 3 — Add FreshMail to Your SPF
✅ If you don’t already have an SPF record, create a new TXT record with:
v=spf1 include:_spf.freshmail.pl ~all
👉 This tells mail receivers that FreshMail’s servers are trusted for sending mail from your domain.
🔄 If you already have an SPF record, simply add the include within the existing list:
v=spf1 include:spf.yourservice.com include:_spf.freshmail.pl ~all
Just be sure the updated SPF is valid and not overly long — too many includes can cause DNS lookup limits to be exceeded.
⚠️ SPF Alignment Limitation
It’s important to note that with FreshMail, SPF alignment cannot currently be achieved, meaning SPF may pass without aligning with your “From” header domain. But DKIM will align once setup properly. Even so, including FreshMail in your SPF is still recommended to reinforce authentication checks.
What Happens After You Publish DKIM & SPF
Once both records are in place and DNS has propagated:
✔️ You Should Begin Seeing
- DKIM signatures on outgoing emails validated by recipients.
- SPF checks that include FreshMail as authorized senders.
- DMARC reports showing DKIM passing for FreshMail email deliveries (once you have a DMARC record published).
If you have an active DMARC policy with reporting enabled — for example:
v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com
You’ll start receiving daily aggregate reports that indicate how your email streams perform in terms of SPF, DKIM, and overall DMARC compliance.
Verifying Your Setup — Best Practices
🔍 Use Tools to Validate
After publishing DNS records:
- Check DKIM via tools like DKIMValidator or MXToolbox DKIM check.
- Validate SPF with an SPF checker.
- Confirm DMARC performance with a DMARC analytics service.
These will help you catch misconfigurations before they affect deliverability.
📊 Watch for SPF Lookup Limits
If you use many third-party services that send mail for you, you could hit the 10-lookup limit for SPF. If that happens, consider mechanisms to optimize (e.g., flattening, consolidating includes). DMARCReport can help you audit and optimize your SPF record.
Final Thoughts
Email authentication isn’t just good practice — it’s essential. For brands and marketers using FreshMail, setting up DKIM and SPF properly ensures:
- Higher deliverability
- Fewer emails sent to spam
- Stronger protection against impersonation
- Better DMARC monitoring and enforcement
At DMARCReport, we believe every sender should understand and leverage SPF, DKIM, and DMARC as part of a robust email security strategy. If you need help monitoring your records or interpreting DMARC reports automatically, our platform can give you actionable insights and performance dashboards.
