Setting Up Email Domain Authentication

This article explains how to authenticate your email sending domain in Yespo using SPF and DKIM DNS records. Domain authentication helps mailbox providers verify that Yespo is allowed to send emails on behalf of your domain and reduces the risk of sender forgery.

You will learn how to choose one of the available configuration methods — Full, Full +, or Subdomain — add the required DNS records, configure forwarding when needed, and verify the domain status in Yespo.

Before You Start

Make sure you have:

  • Access to the DNS settings of the domain or subdomain you want to authenticate.
  • A domain or subdomain that will be used in the sender address.
  • Access to mailbox or forwarding settings if you use the Full method and need to configure forwarding for bounce+* addresses.
  • Enough time for DNS changes to propagate. DNS changes can take up to 48 hours to propagate.
📘

Note

How Email Domain Authentication Works

Yespo uses two main mechanisms to authenticate your sending domain:

  • SPF checks whether an email was sent from a server authorized in your domain's DNS records.
  • DKIM lets Yespo sign emails with a private key. Recipient mail servers verify the signature using a public key stored in your domain's DNS records.

Together, SPF and DKIM help mailbox providers trust your messages and reduce the chance that legitimate emails are flagged as spam.

Yespo provides the SPF and DKIM values required for domain authentication. Add them to your DNS using the record types and values shown in Yespo.

📘

Note

DMARC is managed in your own DNS because it defines your domain's authentication policy. To learn what DMARC does, see FAQ: Email Authentication and Domain Reputation. For how a strict DMARC policy affects domain warm-up, see Domain Warm-up.

Root Domain, Sending Subdomain, and Technical Subdomain

Before choosing a configuration method, decide which domain will be used in your sender address.

You can authenticate:

  • A root domain, for example yourdomain.com, if your sender addresses use the main domain, such as [email protected].
  • A sending subdomain, for example promo.yourdomain.com, if your sender addresses use a dedicated subdomain, such as [email protected].

The domain in the sender address must match the verified domain or subdomain. Verifying yourdomain.com does not automatically verify promo.yourdomain.com.

Some configuration methods also use a technical subdomain. This subdomain is used for technical email processing and is not necessarily the same as the sender domain shown in the visible From address.

Set Up a Configuration Method

Yespo supports three domain configuration methods.

MethodUse WhenWhat It Covers
FullYou want to authenticate emails sent from addresses on the main domain, for example, [email protected].Emails sent from addresses on the main domain. Requires forwarding for bounce+* addresses.
Full +You want to authenticate the main domain and selected subdomains.Emails sent from the main domain and selected subdomains.
SubdomainYou want to send campaigns from a dedicated subdomain or separate marketing email reputation from other email streams.Emails sent from a specific subdomain, for example @promo.yourdomain.com. Yespo handles spam complaints and errors for the selected subdomain.

We recommend using Full + when possible. If this method is not available because of DNS, mailbox, or infrastructure restrictions, use Subdomain.

Method 1: Full

Use the Full method to authenticate emails sent from addresses on the main domain, for example, [email protected].

  1. Go to Settings → Domain verification and click New domain.
Yespo Domain verification page with the New domain button
  1. Click Complex server configuration.
Yespo domain setup dialog with the Complex server configuration option

The Full configuration method is selected by default.

  1. Click Next.
Full domain configuration method selected in Yespo
  1. Enter your domain and click Start verification.
📘

Note

Use your own domain name instead of yourdomain.com.

Domain name field and Start verification button in Yespo

Yespo checks your domain's DNS records and shows which records need to be created or updated.

  1. Copy the values from the Name and Data fields and create DNS records of the corresponding types in your domain's DNS settings.
DNS records required for Full domain verification in Yespo
  1. Set up automatic forwarding for all emails sent to bounce+* addresses on your domain to [email protected].

In bounce+*, the asterisk matches any sequence of valid characters after bounce+.

If your mail provider supports plus addressing, create a bounce mailbox and forward all incoming emails to [email protected].

If your mail provider does not support plus addressing, set up a mailbox that receives messages sent to non-existent addresses. In this mailbox, create a filter:

  • If an email is sent to an address starting with bounce+, forward it to [email protected].
  • If an email is sent to any other non-existent mailbox, delete it.

Yespo checks whether forwarding works during domain verification.

📘

Note

We also recommend forwarding copies of emails sent to the abuse address on your domain to [email protected]. This helps us respond to complaints promptly.

  1. Return to Yespo and click Verify domain.
Verify domain button in Yespo domain verification settings

After successful verification, the domain status changes to Domain verified.

Domain verified status after Full domain authentication in Yespo

Example of email headers in Gmail after domain verification:

Gmail email headers showing DKIM signatures after Full domain verification

The email has two DKIM signatures: one for the Yespo domain and one for your domain.

Method 2: Full +

Use the Full + method to authenticate emails sent from the main domain and selected subdomains. We recommend this method when it is available.

  1. Go to Settings → Domain verification and click New domain.
Yespo Domain verification page with the New domain button
  1. Enter the domain name.
  2. Enter an unused name for the technical subdomain. For example, use email, promo, support, or another name. In the example below, sub is used.
  3. Click Start verification.
Domain and technical subdomain fields for Full plus verification in Yespo

Yespo checks your domain's DNS records and shows which records need to be created or updated.

  1. Copy the values from the Name and Data fields and create DNS records of the corresponding types in your domain's DNS settings.
DNS records required for Full plus domain verification in Yespo
  1. Return to Yespo and click Verify domain.
Verify domain button in Yespo domain verification settings

After successful verification, the domain status changes to Domain verified.

Domain verified status after Full plus authentication in Yespo

Example of email headers in Gmail after domain verification:

Gmail email headers showing DKIM signatures after Full plus domain verification

The email has two DKIM signatures: one for the Yespo domain and one for your domain.

Method 3: Subdomain

Use the Subdomain method to authenticate emails sent from a dedicated sending subdomain, for example @promo.yourdomain.com.

This method is useful when you want to keep marketing email reputation separate from the reputation of transactional and other email streams. With this method, spam complaints and errors are handled automatically for the selected subdomain.

  1. Go to Settings → Domain verification and click New domain.
Yespo Domain verification page with the New domain button
  1. Click Complex server configuration.
Yespo domain setup dialog with the Complex server configuration option
  1. Select Subdomain and click Next.
Subdomain configuration method selected in Yespo
  1. Enter the subdomain and click Start configuration.
Subdomain field and Start configuration button in Yespo

Yespo checks your subdomain's DNS records and shows which records need to be created or updated.

  1. Copy the values from the Name and Data fields and create DNS records of the corresponding types in your subdomain's DNS settings.
DNS records required for Subdomain verification in Yespo
  1. Return to Yespo and click Verify domain.
Verify domain button for a sending subdomain in Yespo

After successful verification, the domain status changes to Domain verified.

Domain verified status after Subdomain authentication in Yespo

Example of email headers in Gmail after domain verification:

Gmail email headers showing DKIM signatures after Subdomain verification

The email has two DKIM signatures: one for the Yespo domain and one for your subdomain.

📘

Note

  • With the Subdomain method, all mail for the selected subdomain arrives at Yespo mail servers and is forwarded to the address specified in the Reply field.
  • The reply address must be valid, and the corresponding mailbox must be monitored.
  • Recipients can reply to your emails or send unsubscribe requests. Process such requests promptly.

You can also follow the dedicated guide to set up email domain authentication on Cloudflare.

Verify Domain Settings

After you add or update the required DNS records, return to Settings → Domain verification in Yespo and click Verify domain.

If the setup is correct, the domain status changes to Domain verified.

If Yespo detects issues with the DNS records, a warning appears next to the verification status.

Domain verification warning in Yespo

Click the warning to view the recommended changes.

Recommended DNS changes for domain verification in Yespo

Make the recommended changes in your DNS settings, and then click Refresh in Yespo.

You can also use external DNS tools to check whether your records are available to mail servers:

Expected Result

After successful verification:

  • The domain or subdomain status changes to Domain verified.
  • Yespo can sign emails with DKIM for your domain or subdomain.
  • You can use sender addresses that match the verified domain or subdomain.
  • Test emails should pass SPF and DKIM checks.
  • The domain in the visible From address should match the verified sending domain.

Before You Launch: Preflight Checklist

Before you start sending, confirm:

  • Your domain or subdomain shows Domain verified in Settings → Domain verification, with no outstanding warnings.
  • DNS changes have fully propagated. Allow up to 48 hours and re-check with a DNS tool if needed.
  • Your sender address uses the verified domain or subdomain. See Adding a Sender.
  • Your reply-to address is valid, and the corresponding mailbox is monitored.
  • You have sent a test email and confirmed that it passes SPF and DKIM checks, for example, with Mail-Tester.

Additional DNS Settings

If necessary, you can grant Yespo access to Google Postmaster Tools analytics. To do this, add the TXT or CNAME record provided by Yespo to your DNS settings.

Read Google's documentation to learn more about Google Postmaster Tools DNS verification.

Troubleshooting

If verification fails because of a missing MX record, an invalid or duplicate SPF record, a missing DKIM record, an incorrect Name or Host value, or another DNS issue, see Domain Verification Troubleshooting.

How Yespo Monitors Domain Settings

Yespo regularly checks whether your DNS settings remain valid.

If the settings no longer meet the requirements, we notify you by email. DKIM signing with your domain key is suspended until the issue is resolved. Read automated emails from Yespo carefully, and contact our support team if you need help.

Deleting a Domain

Click the trash can icon in the right column to delete a domain, then confirm the action.

Delete domain action in Yespo Domain verification settings

Next Steps

  • Warm up your domain before increasing send volume. See Domain Warm-up.
  • Set up your senders and reply-to addresses. See Adding a Sender.
  • Add a BIMI logo after domain authentication is stable. BIMI usually requires an enforced DMARC policy, such as p=quarantine or p=reject. See Adding a BIMI Logo.