Important update 1: Email Support is being transitioned to Webforms. Click here for more information.

Set Up SPF, DKIM, and DMARC for Enom Email

SPF, DKIM, and DMARC are three DNS-based authentication standards that prove your mail is legitimate and help it reach the inbox. This article is the step-by-step how-to for publishing the three records on a domain using Enom hosted email. For the background on why major providers now require them, see Understanding Gmail, Microsoft, and Yahoo DMARC Requirements.

Why SPF, DKIM, and DMARC matter

Beginning in 2024, Gmail, Yahoo, and Microsoft require senders to authenticate their mail with SPF and DKIM and to publish a DMARC policy. Domains that authenticate properly are more likely to be delivered to the inbox and less likely to be spoofed. For broader guidance, see Email Deliverability Best Practices and Understanding Gmail, Microsoft, and Yahoo DMARC Requirements.

  • SPF (Sender Policy Framework) lists the servers allowed to send mail for your domain.
  • DKIM (DomainKeys Identified Mail) adds a cryptographic signature that proves a message was not altered in transit.
  • DMARC tells receivers what to do when a message fails SPF or DKIM, and where to send reports.

Before you begin

  • You need access to your domain's DNS host records at Enom. See Managing DNS Host Records.
  • Your domain should use Enom DNS so these records take effect.

Step 1: Add the SPF record

Publish a single SPF record as a TXT record on the root domain.

  1. Go to Domains > My domains and select your domain.
  2. Choose Host records from the manage-domain dropdown.
  3. Add a TXT record on the root domain with the SPF value provided for your email setup.
  4. Click Save.

The exact SPF include host depends on which Enom email service the domain uses, and the source articles show two different values. Confirm which applies before publishing:

  • For Enom email forwarding, the deliverability article shows: v=spf1 include:_spf.emfwd.name-services.com MX ?all
  • For hosted email / account-email validation, the DMARC article shows: v=spf1 include:_spf.hostedemail.com ~all

Step 2: Enable and publish DKIM

  1. Obtain the DKIM selector and public-key value provisioned for your domain's hosted email.
  2. In Host records, add the DKIM record (typically a TXT or CNAME record at the selector host) with the provided value.
  3. Click Save.

Step 3: Publish a DMARC record (start with p=none)

Add a DMARC policy as a TXT record on the _dmarc subdomain. Start with a monitoring-only policy so you can collect reports without affecting delivery.

  1. In Host records, add a TXT record with the host name _dmarc.
  2. Enter the record data. The minimum required value is v=DMARC1; p=none;
  3. To receive aggregate and forensic reports, use: v=DMARC1; p=none; rua=mailto:username@example.com; ruf=mailto:username@example.com; fo=1 (replace the email addresses with your own).
  4. Click Save.

Start at p=none to monitor. Once reports confirm your legitimate mail passes SPF and DKIM, you can tighten the policy to quarantine and then reject.

A domain may have only one SPF record. If an SPF record already exists, do not add a second one — merge the required includes into the single existing record instead.

Next steps

Questions? Contact Enom Support.

How helpful was this article?

Thanks for your feedback!

Do you still need help? If so please submit a request here.