Branding and Authentication: SPF, DKIM, DMARC

Enterprises should have an active DMARC policy in place to help prevent their brand from being spoofed, especially in phishing emails. 

You can use FeedBlitz without authorizing us - we'll change the sender information (but not the reply-to) to get the best deliverability we can for you. 

However we strongly recommend that you enable SPF and / or DKIM to authenticate FeedBlitz for your domains, as this preserves your brand across all aspects of the SMTP conversation.


Add -include:mail.feedblitz.com to your existing SPF record. Use a tool like mxtoolbox.com to validate the entry, and to check for RFC compliance issues such as too many DNS hits. (If you hit this issue, a workaround is to use a subdomain as your sender address, and set up a brand new SPF record for that new subdomain).


Set up a FeedBlitz selector on your domain as follows: feedblitz._domainkey.<yoursendingdomain.tld> and make that a CNAME alias pointing to dkim.mail.feedblitz.com 

Once that's in place you can set up a DKIM profile in your account at FeedBlitz, validate that it's set up correctly using our UI, and then enable FeedBlitz to use your selector - and so therefore authenticate successfully.


As well as using FeedBlitz's UI to check your settings, the last best thing to do before you email your subscribers in bulk is to test it using an independent service - and gmail is a great way to do that. Once you're all set up (SPF or DKIM), send a test email from your list's dashboard's settings menu to a gmail account you control. View the original message, and validate that the DKIM / SPF headers validate for the email using your authentication, not FeedBlitz's. 

If you're an Enterprise account, we also recommend repeating this test with your own inbound email gateway to verify that the authentication is working correctly. If neither test works, contact FeedBlitz support. If the gmail test proves that the authentication is valid, but your corporate gateway disagrees, you need to contact your corporate email firewall provider for advice.

Preventing Spoofing

Although SPF is simpler to set up, it has one distinct disadvantage: It allows any FeedBlitz client to send using your domain, if they want to. This is why we recommend you setup DKIM if at all possible, because DKIM requires configuration in both your DNS and FeedBlitz, and - as such - at FeedBlitz it is restricted to just your account. Only you can validate using your DKIM records.

If SPF is the first, or only, authentication method available to you, however, FeedBlitz has a solution for Enterprise accounts. After validating that you control the sending domain, you can instruct FeedBlitz to prevent any other account from using that domain as their sender.  This eliminates the service-wide risk that SPF otherwise presents, and is a very good reason for brand-conscious email marketers to upgrade to a FeedBlitz Enterprise account.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.