Reading Time: 4 min

Authenticating your email domain can be beneficial to domain owners in more ways than one. Not only does email authentication prevent cyber attacks like spoofing and phishing – it also improves the deliverability of messages. Protocols like SPF, DKIM, and DMARC play a crucial role in securing your domain against threats and upholding your sender reputation and credibility. 

Brevo (formerly Sendinblue) recommends domain owners to configure domain authentication, including protocols like SPF, DKIM, and DMARC. This is especially important after the rollout of Google and Yahoo’s email sender requirements.  To make sure your email deliverability doesn’t take a hit, authenticating your emails is a must! 

Let’s find out how Brevo users can set up DKIM, DMARC, and SPF easily for their domains. 

How to Add Brevo SPF Record? 

If you use Brevo, you don’t need to manually implement a Brevo SPF record. Brevo doesn’t provide an SPF record since SPF is checked on the Envelope Sender handled by Brevo’s internal servers, negating the need for authorizing Brevo as a sender for your domain. Regardless of whether you implement a Brevo SPF record by updating your DNS settings with “include:spf.sendinblue.com”, SPF authentication will fail. This is because the Envelope From sender domain will not match the From: domain. 

In their email authentication blog, Brevo explains that SPF implementation isn’t required for Brevo users as they provide implementation assistance for DKIM to set up DMARC. To enable DMARC, you need to configure either SPF or DKIM. While you can configure both for enhancing the effectiveness of your security – it’s not mandatory. DMARC required either DKIM or SPF to pass for DMARC to pass during email authentication. 

Hence, you can skip the Brevo SPF record implementation in this case. 

Learn more about SPF.

Enabling Domain Authentication for Brevo (Formerly Sendinblue)

To start authenticating your emails for Brevo, you need to first add your domain to Brevo.

1. Login to your Brevo account.
2. Go to Senders, Domains, and Dedicated IPs > Domains.
3. Select “Add a domain” and enter your domain name (e.g. company.com). Click on “Save this email domain”. 
4. Now you are ready to authenticate your domain with Brevo DKIM and Brevo DMARC records. 

Keep reading to learn how! 

How to Add Brevo DKIM Record? 

Brevo DKIM can be handled automatically or manually. Let’s discuss the steps for each: 

Brevo DKIM Automated Setup

If automated authentication is available on your plan:

1. Login to your Brevo account.
2. Click on “Authenticate automatically” and press continue on the pop-up box.
3. Enter your domain host credentials and click “Continue”.
4. On an automated setup, your Brevo DKIM records are automatically added to your domain host without you having to manually update your DNS. 

Brevo DKIM Manual Setup

If the automated setup is not available on your plan or you wish to manually set up DKIM: 

1. Login to your Brevo account. 
2. Brevo will display your DKIM TXT record. Copy this record. 
3. Login to your DNS management console and publish this record. 
4. Once the process is complete, click on “Save”. Your DNS may take some time to propagate these changes. Once done, you will have enabled DKIM authentication for Brevo. 

Learn more about DKIM.

How to Add Brevo DMARC Record? 

Similarly, Brevo DMARC can be handled automatically or manually. Let’s discuss the steps for each: 

Brevo DMARC Automated Setup

If automated authentication is available on your plan:

1. Login to your Brevo account.
2. Click on “Authenticate automatically” and press continue on the pop-up box.
3. Enter your domain host credentials and click “Continue”.
4. On an automated setup, your Brevo DMARC records are automatically added to your domain host without you having to manually update your DNS. 

Brevo DMARC Manual Setup

If the automated setup is not available on your plan or you wish to manually set up DMARC: 

1. Login to your Brevo account. 
2. Brevo will display your DMARC TXT record. Copy this record. 
3. Login to your DNS management console and publish this record. 
4. Once the process is complete, click on “Save”. Your DNS may take some time to propagate these changes. Once done, you will have enabled DMARC authentication for Brevo. 

Learn more about DMARC.

Domain Authentication Verification for Brevo DMARC and DKIM Records

To verify your Brevo DMARC and DKIM record setups: 

1. Click “Authenticate this email domain” at the end of the domain authentication page
2. If your records are set up correctly, there will be a green checkmark against the displayed records, with “Value matched” messages against them. 
3. In case the setups are incorrect, “Value mismatched” messages will be displayed. 

Before 48 hours you can check your records by clicking on “Check configuration” under your domain and clicking on “Authenticate this email domain” as many times as you like. In case even after 48 hours, your domain isn’t authenticated properly, reach out to Brevo support for assistance. 

For more information on domain authentication, you can refer to Brevo’s guide. 

To Sum It Up

Implementing DMARC is not enough to ensure your email’s safety. Enabling DMARC reporting for your domain ensures that you can monitor your sending sources and email channels adequately. Any attempted authentication failure will never skip your notice again! This will also help you troubleshoot issues faster. 

However, DMARC reports can get hard to read and monitor through the XML files sent to your inbox. The solution? Switch to PowerDMARC. Our human-readable reports allow easy monitoring with advanced filters, summarized data, charts, and tables. Sign up to get your free trial today!

*** This is a Security Bloggers Network syndicated blog from PowerDMARC authored by Yunes Tarada. Read the original post at: https://powerdmarc.com/configure-brevo-spf-dkim-dmarc/