How to configure SPF, DKIM and DMARC for sending domains

Last Updated: 17/4/2024     Tags: configure sending domains, sending domains, domains, spf, dkim
  • Switch Version
  • V5
  • V4

The following steps outline how you can configure your sending domain/s in Taguchi for SPF, DKIM and DMARC.

Setting up SPF, DKIM and DMARC on a sending domain:

  1. An Administrator in your organisation needs to navigate to Settings > Domain to configure MTA's in the 'Sending Domains' section. Sending Domains
    • Click Add Sending Domain and input the From domain (the main sender address shown in email clients)
    • Add the return-path sub-domain component. For example if the From domain is, entering bounce into the 'return-path' field will make the return-path address become The return-path address is not user-visible.
    • Select DKIM selector.
      • tagXXXX vs dkimXXXX is purely what name you prefer (slightly identifying Taguchi or not)
      • 1024 vs 2048 relates to the security level. 2048 is more secure, however, for marketing emails 1024 is more than suitable.
    • Click Save
  2. After saving, Taguchi needs to be authorized to send using this domain. You need to create the DNS CNAME and TXT records shown under the 'DNS Records' column, which will enable DKIM signing using the DKIM selector you chose.
  3. After you have created the necessary DNS records, please contact Taguchi Support, as your template/s will need to be updated with the custom return-path domain (adding the custom envelope-from domain to the Return-Path header). It is critical that the MTAs have been configured before the templates are updated.
  4. Once DNS records have been configured and the template updates has been validated validated, you may enable DMARC in your organization. Setting up the sub-domain and pointing the CNAME to and implementing the above on our end ensures that emails sent through Taguchi are DMARC ready. You will need to undertake further work on your end to set up DMARC fully, as all mail sources for your organization will need to be configured to support it.

Note: The sending domain status will initially show 'Pending'. Within 24 hours of creating the DNS records, it will change to 'Authorized'. Once our mail servers have been updated (which occurs daily between 8-9AM) and the domain is available the status will display 'Configured'.