Email Deliverability

Steps to Add DKIM and Other DNS Records in Cloudflare for Email Deliverability

To ensure your emails are reliably delivered and not marked as spam, you must properly configure several DNS records in Cloudflare: DKIM, SPF, and DMARC. These records authenticate your emails, prevent spoofing, and signal to receiving servers that your messages are legitimate.


1. Generate Your DKIM Record

  • Use your email service provider (ESP)—such as Google Workspace, Microsoft 365, Zoho Mail, etc.—to generate a DKIM public key and selector. This is typically found in your ESP’s admin or security settings[1][3][10].

2. Add the DKIM Record in Cloudflare

  • Log in to your Cloudflare dashboard.
  • Select your domain.
  • Go to the DNS section.
  • Click “Add Record.”
  • Set the record type to TXT (or CNAME if your ESP specifies).
  • For TXT:
    • Name: [selector]._domainkey (e.g., s1._domainkey)
    • Content: The DKIM public key string provided by your ESP (starts with v=DKIM1; k=rsa; p=...)[7][10].
  • Save the record. DNS propagation may take up to an hour, and sometimes as long as 48 hours[1][10].

3. Add an SPF Record

  • SPF (Sender Policy Framework) tells receiving servers which IPs or services are allowed to send email for your domain.
  • In Cloudflare DNS:
    • Add a TXT record.
    • Name: @ (or your subdomain if specified)
    • Content: Example: v=spf1 include:yourprovider.com -all (replace with your ESP’s recommended value)[2][11].
  • Only one SPF record should exist per domain. Combine values if you use multiple ESPs.

4. Add a DMARC Record

  • DMARC (Domain-based Message Authentication, Reporting, and Conformance) enforces your SPF and DKIM policies and provides reporting.
  • In Cloudflare DNS:
    • Add a TXT record.
    • Name: _dmarc
    • Content: Example: v=DMARC1; p=quarantine; rua=mailto:[email protected] (adjust policy as needed: none, quarantine, or reject)[5][11].
  • Only one DMARC record per domain.

5. (Optional) Add MX Records

  • If you want to receive email at your domain, ensure you have correct MX records pointing to your mail server[4][8][11].
  • In Cloudflare DNS:
    • Add an MX record.
    • Name: @ (or subdomain)
    • Mail Server: Your provider’s mail server address.
    • Priority: As specified by your provider.

Summary Table

Record Type | Name/Host     | Content/Value                               | Purpose
----------- | ------------- | ------------------------------------------- | -----------------------------
TXT         | s1._domainkey | v=DKIM1; k=rsa; p=…                         | DKIM: Email authenticity
TXT         | @             | v=spf1 include:yourprovider.com -all        | SPF: Sender authorization
TXT         | _dmarc        | v=DMARC1; p=quarantine; rua=mailto:…        | DMARC: Policy & reporting
MX          | @             | mail.yourprovider.com (priority 10, etc.)   | Mail routing (receiving email)

Additional Tips

  • Verify Records: After adding, use tools like MXToolbox or your ESP’s built-in checker to confirm correct setup[1][7][10].
  • Propagation Time: Changes may take up to 48 hours to propagate, but are often much faster[1][10].
  • Cloudflare Email Security Wizard: Cloudflare now offers an Email Security DNS Wizard that can guide you through adding SPF, DKIM, and DMARC records, and alert you to insecure configurations[6].
  • Avoid Multiple Records: Only one SPF and one DMARC record per domain—combine values if necessary[5].
  • Keep Records Updated: If you change ESPs or add new services, update your DNS records accordingly to avoid delivery issues[8][11].
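
The checks from steps 2 to 4 and the tips above (one SPF record, one DMARC record, a valid DMARC policy, a DKIM key that decodes), as an added Python example that is not taken from the cited guides. The zone contents, the reports@example.com address and the dummy key are constructed; the +all and missing-rua checks go slightly beyond what the steps list.

```python
import base64
import binascii

def tags(value):
    """Parse the 'tag=value; tag=value' lists used by DKIM and DMARC records."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lint(zone):
    """zone: list of (name, TXT value) pairs for one domain. Returns findings."""
    out = []
    spf = [v for n, v in zone if n == "@" and v.lower().startswith("v=spf1")]
    dmarc = [v for n, v in zone if n == "_dmarc" and v.lower().startswith("v=dmarc1")]
    dkim = [(n, v) for n, v in zone if n.endswith("._domainkey")]
    if len(spf) != 1:
        out.append(f"SPF: need exactly one v=spf1 record at @, found {len(spf)}")
    for v in spf:
        if v.lower().split()[-1] in ("all", "+all"):
            out.append("SPF: +all authorizes every sender")
    if len(dmarc) != 1:
        out.append(f"DMARC: need exactly one record at _dmarc, found {len(dmarc)}")
    for v in dmarc:
        t = tags(v)
        if t.get("p", "").lower() not in ("none", "quarantine", "reject"):
            out.append(f"DMARC: invalid p={t.get('p')!r}")
        if "rua" not in t:
            out.append("DMARC: no rua address, aggregate reports will not arrive")
    if not dkim:
        out.append("DKIM: no <selector>._domainkey record")
    for name, v in dkim:
        try:
            if not base64.b64decode(tags(v).get("p", ""), validate=True):
                out.append(f"DKIM {name}: empty p= (no usable public key)")
        except binascii.Error:
            out.append(f"DKIM {name}: p= is not valid base64")
    return out

# Constructed sample zones (not real DNS data); KEY is a dummy base64 string.
KEY = base64.b64encode(b"constructed-not-a-real-rsa-key").decode()
GOOD = [("s1._domainkey", f"v=DKIM1; k=rsa; p={KEY}"),
        ("@", "v=spf1 include:yourprovider.com -all"),
        ("_dmarc", "v=DMARC1; p=quarantine; rua=mailto:reports@example.com")]
BAD = [("s1._domainkey", "v=DKIM1; k=rsa; p=abc def"),   # key broken by a paste
       ("@", "v=spf1 include:yourprovider.com -all"),
       ("@", "v=spf1 include:otherprovider.com ~all"),   # second SPF record
       ("_dmarc", "v=DMARC1; p=nonequarantine")]         # malformed policy

if __name__ == "__main__":
    print(lint(GOOD), *lint(BAD), sep="\n")
```
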

Properly setting up DKIM, SPF, and DMARC in Cloudflare is essential for email deliverability and security, significantly reducing the risk of your emails being marked as spam or rejected by recipient servers[1][3][5][8][11].

Sources

[1] How to Set Up a DKIM Record on Cloudflare – Step-by-Step Guide https://www.lemwarm.com/blog/dkim-cloudflare 

[2] Configuring DKIM in Cloudflare | Zoho TeamInbox https://www.zoho.com/teaminbox/help/settings/dkim-in-cloudflare.html 

[3] A Brief Guide On How To Set Up DKIM Cloudflare – DuoCircle https://www.duocircle.com/resources/dkim-cloudflare

[4] Set up email records · Cloudflare DNS docs https://developers.cloudflare.com/dns/manage-dns-records/how-to/email-records/ 

[5] A Guide To Setting Up DMARC In Cloudflare – DuoCircle https://www.duocircle.com/resources/dmarc-cloudflare 

[6] Tackling Email Spoofing and Phishing – The Cloudflare Blog https://blog.cloudflare.com/tackling-email-spoofing/ 

[7] How to Add DKIM Record in CloudFlare – DMARCLY https://dmarcly.com/blog/how-to-add-dkim-record-in-cloudflare-cloudflare-dkim-setup-guide 

[8] How to Send and Receive Emails in Cloudflare: A Complete Guide https://davissenei.com/send-and-receive-emails-in-cloudflare/ 

[9] Email spoofing : r/CloudFlare – Reddit https://www.reddit.com/r/CloudFlare/comments/1dp3if0/email_spoofing/ 

[10] How to Add a DKIM Record to Cloudflare? – EasyDMARC https://easydmarc.com/blog/how-to-add-a-dkim-record-to-cloudflare/ 

[11] How to Configure Cloudflare for Sending Bulk Mailers to Candidates … https://tobu.ai/blog/how-to-configure-cloudflare-for-sending-bulk-mailers-to-candidates-through-tobu-ai/ 

[12] What is a DNS DKIM record? – Cloudflare https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/ 

[13] How can i add dkim and how to get it?! – Cloudflare Community https://community.cloudflare.com/t/how-can-i-add-dkim-and-how-to-get-it/18331 

[14] How to set up DKIM – Email Routing – Cloudflare Community https://community.cloudflare.com/t/how-to-set-up-dkim/551178 

[15] Email deliverability – DNS & Network – Cloudflare Community https://community.cloudflare.com/t/email-deliverability/511316 

[16] Configuring DNS records for email in Cloudflare – hosting.com https://kb.hosting.com/docs/configuring-dns-records-for-email-in-cloudflare 

[17] Issue with email deliverability after server migration – DNS & Network https://community.cloudflare.com/t/issue-with-email-deliverability-after-server-migration/624250 

[18] How to Setup DMARC, SPF and DKIM For Cloudflare – YouTube https://www.youtube.com/watch?v=96T43Aj_6p0 

[19] DKIM and “Selector” Settings – DNS & Network https://community.cloudflare.com/t/dkim-and-selector-settings/406990

DMARC

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an open email authentication protocol designed to protect email domain owners from unauthorized use of their domain, such as email spoofing, phishing, and business email compromise attacks[3][5][6].


How DMARC Works:

  • DMARC builds on two existing protocols: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail)[1][2][5].
  • Domain owners publish a DMARC policy as a DNS TXT record for their domain[3][9].
  • When an email is received, the recipient mail server checks the DMARC record and verifies that the message passes SPF and/or DKIM authentication and that the sender’s domain aligns with the domain in the email’s “From” header[6][7].
  • Based on the domain owner’s DMARC policy, the recipient server will:
    • Deliver the email,
    • Quarantine it (send to spam/junk), or
    • Reject it outright[3][5][6][7].
  • DMARC also enables reporting: recipient servers send aggregate and forensic reports back to the domain owner, providing visibility into how their domain is being used in email[1][9].
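
How a receiver arrives at one of the three outcomes above, as an added Python example (not from the cited sources). The function names and sample messages are constructed, and the organizational domain is approximated by the last two labels where real receivers use the Public Suffix List; aspf and adkim are the DMARC tags that switch alignment to strict.

```python
def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real receivers
    # consult the Public Suffix List (needed for names such as example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict):
    """Strict alignment needs an exact match; relaxed compares organizational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_disposition(from_domain, spf, dkim, policy):
    """spf: (result, MAIL FROM domain); dkim: list of (result, d= domain);
    policy: tags from the From domain's _dmarc record.
    Returns 'deliver', 'quarantine' or 'reject'."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf") == "s")
    dkim_ok = any(res == "pass" and aligned(d, from_domain, policy.get("adkim") == "s")
                  for res, d in dkim)
    if spf_ok or dkim_ok:
        return "deliver"  # at least one aligned pass satisfies DMARC
    return policy["p"] if policy.get("p") in ("quarantine", "reject") else "deliver"

# Constructed messages for the From domain example.com (not real traffic).
POLICY = {"v": "DMARC1", "p": "quarantine"}
MESSAGES = {
    # Sent through an ESP: SPF passes for the ESP's bounce domain (unaligned),
    # but the DKIM signature uses d=mail.example.com, which aligns (relaxed).
    "via_esp": (("pass", "bounces.example.net"), [("pass", "mail.example.com")]),
    # SPF and DKIM both pass, but only for an unrelated domain: no alignment.
    "unaligned": (("pass", "example.net"), [("pass", "example.net")]),
    # Nothing authenticates at all.
    "unauthenticated": (("fail", "example.com"), []),
}

def evaluate_all(policy=POLICY):
    return {name: dmarc_disposition("example.com", spf, dkim, policy)
            for name, (spf, dkim) in MESSAGES.items()}

if __name__ == "__main__":
    print(evaluate_all())
```

The "unaligned" case is the one SPF and DKIM alone do not catch: both checks pass, yet neither vouches for the domain shown in the From header.
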

Why DMARC is Important:

  • Prevents domain spoofing: Stops attackers from sending emails that look like they come from your domain[3][5][6].
  • Enhances brand trust: Recipients are more likely to trust emails that are authenticated and protected by DMARC[6].
  • Provides visibility: DMARC reports help you monitor who is sending email on behalf of your domain and spot unauthorized senders[1][6].
  • Improves deliverability: Authenticated emails are less likely to be marked as spam by major email providers[7].

Summary Table

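Protocol | Purpose                                  | DMARC Role
-------- | ---------------------------------------- | -----------------------------------
SPF      | Authorizes specific IPs to send email    | DMARC checks SPF alignment
DKIM     | Digitally signs emails                   | DMARC checks DKIM alignment
DMARC    | Policy & reporting for SPF/DKIM failures | Decides pass, quarantine, or reject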

In essence, DMARC is a critical layer of email security that helps domain owners control how their domain is used in email and protects recipients from fraudulent messages[3][5][6][7].

Sources
[1] What Is DMARC? How Does DMARC Work? – Fortinet https://www.fortinet.com/resources/cyberglossary/dmarc
[2] dmarc.org – Domain Message Authentication Reporting … https://dmarc.org
[3] DMARC – Wikipedia https://en.wikipedia.org/wiki/DMARC
[4] What is DMARC | ITS Services | University of Nebraska–Lincoln https://services.unl.edu/service/unl-email-security-third-party-senders/what-dmarc
[5] What Is DMARC? – Meaning, Purpose, Verification | Proofpoint US https://www.proofpoint.com/us/threat-reference/dmarc
[6] What Is DMARC? – Mimecast https://www.mimecast.com/content/what-is-dmarc/
[7] What are DMARC, DKIM, and SPF? – Cloudflare https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/
[8] What Is DMARC in Email (Understanding DMARC Records)? https://sendgrid.com/en-us/blog/what-is-dmarc
[9] What is DMARC – How Does DMARC Work? – MxToolbox https://mxtoolbox.com/dmarc/details/what-is-dmarc
[10] Use DMARC to validate email, setup steps – Learn Microsoft https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure