Customer StoriesYespo Blog
Guides
Request DemoLogin

Email Domain Authentication

This article explains how to authenticate your email sending domain in Yespo using SPF and DKIM DNS records. Domain authentication helps mailbox providers verify that Yespo is allowed to send emails on behalf of your domain and reduces the risk of sender forgery.

You will learn how to choose one of the available configuration methods — Full, Full +, or Subdomain — add the required DNS records, configure forwarding when needed, and verify the domain status in Yespo.

Domain authentication uses two main mechanisms:

  • DKIM (DomainKeys Identified Mail) allows senders to sign emails with a private key and recipients to verify the authenticity of the signatures using a public key stored in DNS.
  • SPF (Sender Policy Framework) checks whether the email comes from an authorized server specified in the domain's DNS record.

Both mechanisms increase the trust of email services in your messages and reduce the likelihood of your emails being identified as spam.

How Email Domain Authentication Works

Reteno uses two main mechanisms to authenticate your sending domain:

  • DKIM (DomainKeys Identified Mail) allows Yespo to sign emails with a private key. Recipient mail servers verify the signature using a public key stored in your domain's DNS records.
  • SPF (Sender Policy Framework) checks whether an email was sent from a server authorized in the domain's DNS records.

Together, these mechanisms increase mailbox providers' trust in your messages and reduce the likelihood that legitimate emails are identified as spam.

📘

Note

Before You Start

Make sure you have:

  • Access to the DNS settings of the domain or subdomain you want to authenticate.
  • A domain or subdomain that will be used in the sender address.
  • Access to mailbox or forwarding settings if you use the Full method and need to configure forwarding for bounce+* addresses.
  • Enough time for DNS changes to propagate. Some DNS servers may need up to 48 hours to apply changes.

Set Up a Configuration Method

Yespo supports three domain configuration methods.

MethodUse whenWhat it covers
FullYou want to authenticate emails sent from the main domain, for example @yourdomain.com.Emails sent from mailboxes on the main domain. Requires forwarding for bounce+* addresses.
Full +You want the most complete setup for the main domain and subdomains.Emails sent from the main domain and selected subdomains. Recommended when available.
SubdomainYou want to send campaigns from a dedicated subdomain or separate marketing email reputation from other email streams.Emails sent from a specific subdomain, for example @promo.yourdomain.com. Yespo handles spam complaints and errors automatically for the selected subdomain.

We recommend using Full + when possible. If this method is not available because of DNS, mailbox, or infrastructure restrictions, use Subdomain.

Method 1: Full

Use this method to authenticate emails sent from any mailbox of the main domain, for example @yourdomain.com.

  1. Go to Settings → Domain verification and click New domain.
Domain verification page with the New domain button
  1. Click Complex server configuration.
Complex server configuration option

The Full configuration method is selected by default.

  1. Click Next.
Full configuration method selected by default
  1. Specify a domain and click Start verification.
📘

Note

Use your domain name instead of yourdomain.com.

Domain field for the Full configuration method

Yespo will check your domain's DNS records and suggest creating new records or modifying existing ones.

  1. Copy each value from the Name and Data fields and add it to the corresponding record type in your domain's DNS settings.
DNS records required for the Full configuration method
  1. Set up automatic forwarding for all emails sent to the bounce+* address in your domain to [email protected].

The asterisk in bounce+* means that any number of valid characters can be placed in its position.

The easiest way to set up such forwarding is when your domain's mail is hosted on Google servers. Google discards the suffix after the plus sign in the address. In this case, create a bounce mailbox and configure forwarding of all incoming emails to [email protected].

If your mail service does not support dropping the suffix after the plus sign, set up a catch-all mailbox to store mail sent to all non-existent mailboxes on your domain. In this mailbox, create a filter: if an email is sent to an address starting with bounce+, forward it to [email protected]; otherwise, delete it.

The forwarding mechanism is checked during domain verification.

📘

Note

We also recommend forwarding copies of emails sent to the abuse address in your domain to [email protected]. This helps us respond to complaints promptly.

  1. Return to your Yespo account and click Verify domain.
Verify domain button

After this, the domain status should change to Domain verified.

Domain verified status for the Full method
📘

Note

Some DNS servers need up to 48 hours to apply all changes.

Example of email headers in Gmail after domain verification:

Gmail headers after Full domain verification

The email is signed using the DKIM of both our domain and your domain.

Method 2: Full +

Use this method to authenticate emails sent from the main domain and selected subdomains. This is the recommended option when it is available for your sending setup.

  1. Go to Settings → Domain verification and click New domain.
Domain verification page with the New domain button for Full plus
  1. Specify the domain name and an unused name for the technical domain. For example, use email, promo, support, or another name. For clarity, this article uses sub as an example.
  2. Click Start verification.
Domain and technical domain fields for the Full plus method

Yespo will check your domain's DNS records and suggest creating new records or modifying existing ones.

  1. Copy each value from the Name and Data fields and add it to the corresponding record type in your domain's DNS settings.
DNS records required for the Full plus configuration method
  1. Return to your Yespo account and click Verify domain.
Verify domain button for the Full plus method

After this, the domain status should change to Domain verified.

Domain verified status for the Full plus method

Example of email headers in Gmail after domain verification:

Gmail headers after Full plus domain verification

The email is signed using the DKIM of both our domain and your domain.

Method 3: Subdomain

Use this method to authenticate emails sent from a dedicated subdomain, for example @promo.yourdomain.com.

This option is suitable when you want to separate the reputation of marketing campaigns from transactional and other communications. It also provides automatic handling of spam complaints and errors for the selected subdomain.

  1. Go to Settings → Domain verification and click New domain.
Domain verification page with the New domain button for Subdomain
  1. Click Complex server configuration.
Complex server configuration option for Subdomain
  1. Select Subdomain and click Next.
Subdomain configuration method selected
  1. Specify a subdomain and click Start configuration.
Subdomain field for the Subdomain configuration method

Yespo will check your domain's DNS records and suggest creating new records or modifying existing ones.

  1. Copy each value from the Name and Data fields and add it to the corresponding record type in your domain's DNS settings.
DNS records required for the Subdomain configuration method
  1. Return to your Yespo account and click Verify domain.
Verify domain button for the Subdomain method

After this, the domain status should change to Domain verified.

Domain verified status for the Subdomain method

Example of email headers in Gmail after domain verification:

Gmail headers after Subdomain verification

The email is signed using the DKIM of our domain and your subdomain.

📘

Note

  • In this option, all mail for the selected subdomain will arrive at our mail servers and be forwarded to the address specified in the reply field.
  • The address specified in the reply field must be valid. You must regularly review it and respond to emails arriving at it.
  • Recipients can respond to emails and request to unsubscribe from your campaigns. You must immediately unsubscribe such recipients.

See the example of how to set up email domain authentication on Cloudflare.

Verify Domain Settings

After you add or update the required DNS records, return to Settings → Domain verification in Yespo and click Verify domain.

If the setup is correct, the domain status changes to Domain verified.

If Yespo detects issues with the DNS records, a warning appears next to the verification status. Click the warning to view the recommended changes, update the records in your DNS provider, and then click Refresh in Yespo.

Warning next to the domain verification status

Click the warning to view the list of recommendations.

DNS settings recommendations in the warning pop-up

DNS changes may take up to 48 hours to propagate. If the records were added recently and verification fails, wait until propagation is complete and try again.

You can also use external DNS tools to check whether your DNS records are available to mail servers:

Additional DNS Settings

If necessary, you can grant us access to Postmaster Tools analytics. To do this, we will provide a TXT or CNAME record that must be added to DNS. Learn more about Google Postmaster Tools DNS verification.

Troubleshooting

Domain Verification Fails

Check that each DNS record was added with the exact Name and Data values shown in Yespo. Also make sure the record type is correct.

If you added the records recently, wait until DNS propagation is complete. Some DNS servers may need up to 48 hours to apply changes.

SPF Record Is Invalid

Use an SPF validation tool to check whether the SPF record is generated correctly and does not exceed standard SPF limitations.

Forwarding for bounce+* Does Not Work

For the Full method, make sure all emails sent to bounce+* addresses in your domain are forwarded to [email protected].

  • If your mail provider supports plus addressing, create a bounce mailbox and forward all incoming emails from this mailbox to [email protected].
  • If your mail provider does not support plus addressing, create a mailbox that receives messages sent to non-existent addresses in your domain. In this mailbox, set up a filter: if an email is sent to an address that starts with bounce+, forward it to [email protected]; otherwise, delete it.

The forwarding mechanism is checked during domain verification.

Subdomain Replies Are Not Handled Correctly

For the Subdomain method, make sure the reply address is valid and regularly monitored. Recipients can reply to your campaigns or request to unsubscribe, and such requests must be processed promptly.

Yespo Reports Issues After the Domain Was Verified

Yespo regularly checks domain settings. If the settings become invalid, Yespo notifies you by email, and key signing for your domain may be suspended until the issue is fixed.

How Yespo Monitors Domain Settings

Yespo regularly checks whether your DNS settings remain valid.

If the settings break, we will notify you by email. Until the issue is resolved, key signing for your domain will be suspended.

Carefully read automated emails generated by Yespo. If you receive a message about a problem, contact our support team for help.

Deleting a Domain

Click the trash can icon in the right column to delete a domain and confirm the action.

Trash can icon for deleting a verified domain

Updated 3 days ago