How to configure SPF, DKIM, and DMARC records for Brevo?

DKIM is the authentication protocol that survives email forwarding, says Brad Slavin, General Manager of DuoCircle. When SPF fails because a forwarder’s IP isn’t in the original record, DKIM alignment is the only path to DMARC pass. That’s why we monitor DKIM alongside SPF in every DMARC Report dashboard.

DKIM (RFC 6376) signs email messages cryptographically, and unlike SPF, the signature survives email forwarding - which is why DMARC alignment via DKIM is more reliable than SPF alignment for forwarded mail and mailing lists. DMARC Report

How to configure SPF, DKIM, and DMARC records for Brevo?

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-15764">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/09/How-to-configure-SPF-DKIM-and-DMARC-records-for-Brevo.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M9S">2:09</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-15764" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-15764" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-15764" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-15764" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/how-to-configure-spf-dkim-and-dmarc-records-for-brevo/&t=How to configure SPF, DKIM, and DMARC records for Brevo?" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/how-to-configure-spf-dkim-and-dmarc-records-for-brevo/&url=How to configure SPF, DKIM, and DMARC records for Brevo?" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/09/How-to-configure-SPF-DKIM-and-DMARC-records-for-Brevo.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/how-to-configure-spf-dkim-and-dmarc-records-for-brevo/" class="input-link input-link-15764" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-15764" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

						<input type="text" value='<blockquote class="wp-embedded-content" data-secret="354twl7M24"><a href="https://dmarcreport.com/blog/podcast/how-to-configure-spf-dkim-and-dmarc-records-for-brevo/">How to configure SPF, DKIM, and DMARC records for Brevo?</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/how-to-configure-spf-dkim-and-dmarc-records-for-brevo/embed/#?secret=354twl7M24" width="500" height="350" title=""How to configure SPF, DKIM, and DMARC records for Brevo?" - DMARC Report" data-secret="354twl7M24" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>

/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-15764” readonly/>

					<button class="copy-embed copy-embed-15764" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

By now, you probably know enough about authenticating your email-sending domain and its numerous benefits. The first and perhaps the most important one being how it protects your organization from falling prey to pervasive cybersecurity attacks like phishing, ransomware, malware, spoofing, etc. Apart from this, configuring your sender domain with **SPF, DKIM, and DMARC helps you uphold your brand’s reputation among your clients, stakeholders, and mail servers. It also plays a crucial role in enhancing email deliverability and the effectiveness of your email marketing campaigns.

Looking at the benefits of these email authentication standards, it only makes sense to adopt them for your organization. In fact, if you haven’t yet enforced SPF, DKIM, and DMARC for your domain, it is high time you do because Google and Yahoo have now made it mandatory for organizations sending more than 5,000 emails every day to comply with these authentication protocols. Even if you rely on a CRM platform, like Brevo, to send out your marketing emails, you need to authenticate your domain.

In this article, we will look at how to set up SPF, DKIM, and DMARC records, which are prerequisites for any email authentication strategy, particularly when using a platform like Brevo (formerly Sendinblue).

Sending emails using Brevo

Brevo (formerly Sendinblue) is a powerful CRM platform that allows you to manage email marketing campaigns efficiently. Speaking of **effective management of your email campaigns, it is incomplete unless you authenticate your domain. This is why setting up SPF, DKIM, and DMARC records for authenticating your domain is very important to ensure that your emails land in the inboxes rather than the spam folders of recipients. It also **improves deliverability and **protects your brand from cyber threats such as phishing and spoofing.

In Brevo, domain authentication is not only a way to enhance the deliverability of emails but also to ensure that your organization meets the **industry standards set by major email providers like Google and Yahoo._ If not properly authenticated, it can result in blocking or flagging your emails, critically bringing down your marketing efforts_.

How Do You Create an SPF record in Brevo?

While SPF is the first step in any email authentication strategy, this is not the case with Brevo. Since Brevo does not have the provision to manually set up SPF, you do not need to configure an SPF record in the CRM platform. This is because, with Brevo, the internal servers do the job of checking the SPF on the Envelope Sender, which negates the need for authorizing your email sending domains.

However, if you do try to implement your SPF record in Brevo by updating your DNS with “include:spf.sendinblue.com,” the **SPF authentication will inevitably fail. This happens because, in this case, the Envelope From sender domain will not match the From: domain.

Moreover, another reason Brevo spares you the hassle of implementing an SPF record is by offering you assistance in configuring DKIM, which is just what you need for DMARC enforcement. To activate DMARC, you need either SPF or DKIM; if you have both, it’s well and good, but if you have even one of them, your DMARC enforcement will work just fine. This means that you can easily skip SPF implementation and move on with DKIM and DMARC.

Getting started with email authentication in Brevo

To authenticate your emails with Brevo, you will first need to add your domain to the platform.

Log into your Brevo account, then go to Senders, Domains, and Dedicated IPs

Domains. Click Add a domain, and fill in your domain name - for example, company.com - then finally, Save this email domain.

With your domain added, you can authenticate it using Brevo’s DKIM and DMARC records.

How Do You Create a DKIM record in Brevo?

Coming to DKIM records, they can be added to your Brevo by following one of the two ways - manually or automatically. Let us take a look at both of them:

Automated DKIM implementation

Considering your plan includes automated authentication, log in to your account in Brevo.

• Choose “Authenticate automatically” and confirm it by clicking “Continue” on the box that pops up.

• Enter your domain host’s credentials and click “Continue”

• With automatic setup**, Brevo does all of this for you: Your DKIM records are added directly to your domain host, so you don’t have to update your DNS manually

Manual DKIM implementation

If Auto Setup is not available for your plan or if you want to set up your DKIM manually, here are the steps to follow:

• Log in to your Brevo account - Copy the DKIM TXT record given by Brevo

• Now log into your DNS management console and add this record

• After adding the record, click “Save” in Brevo Keep in mind that it might take some time to reflect the changes in your DNS. Once done, the DKIM authentication will be complete for Brevo.

How Do You Create a DMARC record in Brevo?

Just like DKIM, you can manually or automatically add a DMARC record to Brevo. Here’s how:

Automated DMARC setup

Log in to your Brevo account.

Click “Authenticate automatically,” then click “Continue”.

Enter the credentials of the domain host and press “Continue.”. Using an automated setup, Brevo will add your DMARC record to your domain host automatically. Hence, no manual **DNS update is required.

Manual DMARC setup

If your plan does not support automated setup or you prefer manual DMARC configuration, follow these steps:

• Sign in to your Brevo account.

• Brevo will provide you with the DMARC TXT record. Copy this record.

• Open your DNS management console and add this record.

• After adding the record, click “Save” in Brevo. Now that you have added both DKIM and DMARC records, all that’s left to do is verify them. You can do this by clicking on “Authenticate this email domain” at the bottom of the domain authentication page. By doing so, you are making sure your emails are properly authenticated while they are being delivered and that your domain is well-protected from usage.

Need help implementing email authentication protocols for your domain? Get in touch with us to get started with the enforcement process!