Branding and Authentication: SPF, DKIM, DMARC

This is an advanced topic for those who are familiar with authentication. If you would like an in-depth explanation of how to set up your SPF, DKIM, and DMARC with FeedBlitz, please click here.

You can use FeedBlitz without authorizing us - we'll change the sender information (but not the reply-to) to get the best deliverability we can for you. 

However, we strongly recommend enabling SPF,  DKIM, and DMARC to authenticate FeedBlitz for your domains, as this preserves your brand across all aspects of the SMTP conversation.


Add -include:mail.feedblitz.com to your existing SPF record. Use a tool like mxtoolbox.com to validate the entry and check for RFC compliance issues such as too many DNS hits. (If you hit this issue, a workaround is to use a subdomain as your sender address, and set up a brand new SPF record for that new subdomain).,


Set up a FeedBlitz selector on your domain as follows: feedblitz._domainkey.<yoursendingdomain.tld> and make that a CNAME alias pointing to dkim.mail.feedblitz.com 

Once that's in place, you can set up a DKIM profile in your account at FeedBlitz, validate that it's set up correctly using our UI, and then enable FeedBlitz to use your selector - and so, therefore, authenticate successfully.


Enterprises should have an active DMARC policy in place to help prevent their brand from being spoofed, especially in phishing emails.


As well as using the validator within the FeedBlitz UI to check your settings, the last best thing to do before you email your subscribers in bulk is to test it using an independent service - and Gmail is a great way to do that. Once you're all set up (SPF or DKIM), send a test email from your list's dashboard's settings menu to a gmail account you control.
View the original message, and validate that the DKIM / SPF headers validate for the email using your authentication, not FeedBlitz's. 

If you're an Enterprise account, we also recommend you repeat this test with your inbound email gateway to verify that the authentication is working correctly. 

If neither test works, contact FeedBlitz support. If the gmail test proves the authentication is valid, but your corporate gateway disagrees, you should contact your corporate email firewall provider for advice.

Preventing Spoofing

Although SPF is simpler to set up, it has one distinct disadvantage: It allows any FeedBlitz client to send using your domain, if they want to. This is why we recommend you setup DKIM if at all possible, because DKIM requires configuration in both your DNS and FeedBlitz, and - as such - at FeedBlitz it is restricted to just your account. Only you can validate using your DKIM records.

If SPF is the first or only authentication method available to you, however, FeedBlitz has a solution for Enterprise accounts. After validating that you control the sending domain, you can instruct FeedBlitz to prevent any other account from using that domain as their sender.  This eliminates the service-wide risk that SPF otherwise presents, and is a very good reason for brand-conscious email marketers to upgrade to a FeedBlitz Enterprise account.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.