How to make my Sender domain DKIM & DMARC compliant?


Adjustment as of February 2024: DMARC & DKIM become mandatory
Gmail and Yahoo will tighten the rules for incoming email. By doing this they make it more difficult for spammers. Flowmailer ensures proper delivery of your emails. The only action you have to take before February 2024 is setting it up the right authentication. 


Your Sender domain must be DKIM & DMARC compliant if you want to use it in Flowmailer to send out emails.

Follow these steps to make your Sender domain compliant:

  1. Check the current status of your Sender domain(s)
    And if necessary:
  2. Make sure your DKIM is valid
  3. Make sure your DMARC is valid
  4. Check if the status of your Sender domain changed

If you have any trouble setting this up, please check the FAQ below or contact support.

Check the current status of your Sender domain(s)

You will find your current Sender domain(s) in the navigation under Setup > Domains. Click on the Sender domain you want to check. You see the following screen: 

Domain & DMARC setup..png

Option 1: all DNS records and the DMARC record show status OK ✔️
Do you see four green check marks? You don't have to do anything, your sender domain is set up correctly. Please note: this only applies to this sender domain. If you use multiple sender domains or subdomains, check these too.

Option 2: There are one or more records with the status not OK yet ❌ or No DMARC Record Found Yellow_check.png
Do you see one of the icons above in the essential DNS records or the DMARC record? In that case, action is required. These statuses show that the DNS records have not yet been set up correctly.

Make sure your DKIM is valid

The red crosses show that the DNS records have not yet been set up. You see 3 CNAMES in this overview. The first is for bounce handling and open/click tracking and the second and third are for DKIM. The DNS records shown must be added to this domain. Adjust this or contact your system administrator to do so.

Make sure your DMARC is valid

The red cross shows that there is no valid DMARC record for this Sender domain. You have to set up DMARC on your own DNS server. Adjust this or contact your system administrator to do so. 

Do you have a yellow check mark with the status Yellow_check.png Aggregate report tag (rua) does not contain Flowmailer report address? This is sufficient, but we do advise you to supplement your DMARC record. Set the record in such a way that the DMARC feedback is shared with Flowmailer, so you can use the our DMARC report functionality. You will find the DMARC reports in the navigation under Report > DMARC.

The DMARC record shown is an example, please read the article How to format a DMARC record for more information.

Check if the status of your Sender domain changed

After you or your system administration changed the DNS records, please return the Sender Domain details for that specific domain in the navigation under Setup > Domains. You are done when 4 green checkmarks are shown: that means all essential DNS records and the DMARC record are set up correctly.

Have you set everything correctly, but nothing changed? Please check this again later. It can take up to 24 hours to read the records. In most cases we see that this is implemented more quickly. You can use our tool DMARC detective to check the actual SPF & DMARC information of your Sender domain. If you see no changes the next day, please contact our support team. They can check your records for common errors such as extra spaces, formatting errors or unnecessary characters.

Please note: this only applies to this specific sender domain. If you use multiple sender domains or subdomains, check these too. You have to repeat these steps for each Sender domain you want to use in Flowmailer.

Frequently asked questions

I don't have access to the DNS of this Sender domain, what can I do?

You can configure a Fallback Sender domain. You will find this in the navigation under Setup > Settings. The fallback must be a sender domain with valid DMARC. If DMARC of the original sender domain fails, the fallback domain is then used. This can be a (temporary) solution for users who have to wait for their IT-department to make the changes. Or for users who work for many different customers from one Flowmailer account. Ultimately, the intention is that all Sender domains you use are DMARC & DKIM compliant.

I already configured DKIM & DMARC for my main domain, is that sufficient when I use subdomains?

In Flowmailer, a subdomain like mail.example.com is a separate sender domain from example.com. This means that if you want to send from both example.com and mail.example.com, you have to set up a sender domain (to configure DKIM) for both. Unless you want to have the DMARC handling to be different, it's enough to set up DMARC for the main domain.

I have a lot of Sender domains set up, can I get an overview of the Sender domains that are not compliant?

The fastest way is to check the domains under Setup > Domains. But if you have set up so many domains that this becomes a time-consuming job, we also have this API call to request Sender domain information. Please contact support if you need any help.

Related articles