Documentation

Email setup and deliverability

This guide explains what to configure on your side so mail sent through Smailor is authenticated and arrives reliably. Technical operations (servers, relays, inbound routing) are managed by Smailor; you only maintain DNS for domains you verify in the product.

For DKIM TXT records step by step, see DKIM setup in the documentation hub.

Why SPF, DKIM, and DMARC

Together they tell mailbox providers that your messages are legitimate and aligned with your domain:

  • SPF lists which servers are allowed to send mail from your domain.
  • DKIM adds a cryptographic signature proving the message was authorized (Smailor signs with keys we operate; you publish the public part in DNS).
  • DMARC tells receivers what to do when SPF/DKIM do not align, and enables aggregate reporting.

Without a coherent setup, messages are more likely to land in spam or be delayed.

What you do in Smailor

  1. Open Settings → Domains and add your domain or subdomain.
  2. Complete domain verification (ownership record) exactly as shown in the dashboard.
  3. Add inbound MX records when the product asks you to — they route replies and incoming mail correctly.
  4. Add SPF, DKIM, and DMARC using the values and hostnames copied from Smailor (or follow the DKIM guide for the TXT format).
  5. Use Deliverability → Verify DNS after changes; wait for propagation (often minutes, sometimes up to 24–48 hours).

Exact record names vary by registrar (some use @, some use the full hostname). Paste what Smailor shows and avoid duplicates for the same purpose.

SPF

  • Publish a single SPF TXT record for the hostname that sends mail (often the apex or your mail subdomain).
  • Include every path that legitimately sends on your behalf. Smailor’s dashboard reflects what must appear for mail we send for you — do not remove required includes when editing other providers.
  • Start with ~all (soft fail) until you are sure every legitimate source is listed, then consider -all when your stack is stable.

DKIM

Smailor uses a published TXT record at the host we give you (for example under _domainkey). The public key material is shared across customers where our product specifies that model; only the hostname changes per domain.

Never paste a private key into DNS — only what the app labels as the public DKIM record.

DMARC

  1. Begin with p=none and a rua= mailbox you control (reports are optional but helpful).
  2. When reports show steady alignment for legitimate mail, move toward quarantine with a low pct, then reject only if every sending path aligns.

BIMI and some inbox features expect a working DMARC policy — see BIMI setup when you need branding in the inbox.

BIMI (optional)

See BIMI setup: you need HTTPS-hosted SVG artwork and DMARC before providers will show your logo.

Checklist

  • Domain verified in Smailor
  • MX for inbound according to Smailor
  • SPF TXT present and validated
  • DKIM TXT present and verified in the app
  • DMARC TXT present (often p=none first)

If something fails

  1. Re-run Verify DNS in Smailor after 15–60 minutes.
  2. Check for typos, duplicate SPF records, or a proxy wrongly enabled on MX/CNAME rows (many providers require “DNS only” for mail records).
  3. Use external validators (for example SPF/DKIM checkers and mail-tester.com) — treat scores as diagnostics, not guarantees.

Need help beyond this guide? Use support from the documentation hub.

Back to docs

Found an issue? Contribute on GitHub →