When you send emails, mailbox providers (such as Gmail, Outlook, AOL, and Yahoo) identify if emails are legitimate or are sent by a spammer or phisher. This includes emails sent from SpinOffice CRM. This is why setting up email authentication is important.
There are three authentication standards used to verify a sender's identity. SPF, DKIM, and DMARC. Since February 2024, Gmail and Yahoo require DKIM and DMARC authentication to achieve delivery. Other mailbox providers already expect senders to authenticate their email traffic through SPF.
With SpinOffice, we offer SPF and DKIM authentication. Therefore, we highly recommend all customers set up both for their sending domains. This is a one-time configuration step per domain name.
SPF
SPF (Sender Policy Framework) records are TXT records on your domain that authorize specific servers to send mail using your domain name. SPF is like a security guard for emails. It allows you (the sender) to publish a public record that lists what IPs can be sent from your domain. The record is created in the DNS as a TXT record for your domain. When a Mailbox Provider like Gmail receives a message using this domain, it can look at your public DNS record to see if the IP is permitted to send the campaign. In simple terms, SPF acts as a gatekeeper, ensuring only legitimate emails get through, keeping you and your subscribers safe from phishing scams.
You can only create one SPF record for your domain name. If you have an existing SPF record, you will need to modify your current record instead of creating a new SPF record. To check if your domain has an SPF record, visit MX Toolbox.
To set up SPF, please select the option below that applies to your domain:
1. Your domain does not have an SPF record:
- Log in to your DNS provider of your domain and locate your DNS record settings.
- Create a new TXT record and paste the following line in the text box:
v=spf1 include:spf.spinoffice-crm.com -all
- Save the record.
2. Your domain already has an SPF record:
- Login to your DNS provider of your domain and locate your DNS record settings.
- Add the following text to the existing TXT record, before the closing -all tag:
include:spf.spinoffice-crm.com
- Save the record.
After you've made the required SPF changes, please wait 24 hours for the changes to propagate.
DKIM
DKIM (DomainKeys Identified Mail) is a digital signature that is added to outgoing email messages. This signature proves that the message was actually sent on behalf of the sender’s domain and has not been altered in transit.
DKIM works using cryptographic keys:
- SpinOffice (via our mail infrastructure) adds a hidden DKIM signature to the email header.
- A public key is published in your domain’s DNS, allowing receiving mail servers to verify the authenticity of the message.
DKIM helps prevent spoofing and phishing and enables mailbox providers such as Gmail, Microsoft, Yahoo, and iCloud to correctly assess the email reputation of your sending domain.
Setting up DKIM for SpinOffice
To correctly configure DKIM for SpinOffice, you must add two new TXT records to your domain’s DNS. Both records are required to ensure reliable email delivery.
Step 1: Log in to your DNS provider
Log in to the provider that manages your domain’s DNS (for example TransIP, Cloudflare, etc.).
Step 2: Add the DKIM records
Create two TXT-records with the following details:
DKIK record 1 (key001)
Type:
Name / Host:
(with some DNS providers, the domain name is added automatically)
Value:
DKIK record 2 (key002)
Type:
Name / Host:
Value:
⚠️ Important
- Copy both DKIM values exactly as shown above
- Each value must be entered on a single line
- Do not modify the values and do not add extra spaces or line breaks
TTL:
Use the default value of your DNS provider (for example 300 or 3600 seconds).
Step 3: Save the changes
After saving, it may take several minutes (and in some cases longer) for the DNS changes to propagate worldwide.
Step 4: Inform us about the domain
Send an email to support@spinoffice-crm.com including the domain name(s) for which DKIM has been configured. We will then activate DKIM for your domain on our side.
Step 5: DKIM active
Once the domain has been linked to our DKIM mail server, all outgoing email messages will automatically be signed using DKIM.
Note
For most customers, no additional SPF changes are required, as our mail servers are already included in the existing SPF policy.
Troubleshooting DKIM issues
General issues
- If you receive the error “DKIM = did not pass” or “DKIM_PermError” when sending email, please contact support@spinoffice-crm.com and include a screenshot or the exact error message.
- If you recently added or modified the DKIM record, please note that DNS changes may take some time to become fully active.
- If you are unsure whether the DKIM record is configured correctly, contact support@spinoffice-crm.com and mention the affected domain.
DKIM verification problems
- DKIM record does not match
DKIM verification can fail if:the TXT record value does not exactly match
characters are missing or extra characters were added
the DKIM key was not copied completely
Make sure the entire TXT record value exactly matches the DKIM key provided by SpinOffice and that it is entered as a single line.
- Spaces or linebreaks in TXT record
Ensure that:
there are no leading or trailing spaces
the DKIM key is not split across multiple lines
This often happens when copying and pasting the value.
- DKIM record not published
Even if the record has been added correctly, it may not yet be visible in DNS.
You can verify this using MX Toolbox:
Lookup type: DKIM Lookup
Domain / selector:
If the test result is green / successful, the DKIM record is correctly published and publicly accessible.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article