Verifying Your Domain in Mailvo

Before you start adding DNS records, you'll need to verify that you actually own the domain you're setting up. 

Here's how:

1. Log in to your Mailvo account and add your domain.

2. You'll be asked to enter an email address that belongs to that domain. For example, if you're setting up yourdomain.com, the email needs to be something like you@yourdomain.com. This is usually your Google Workspace or business email. The domain of the email address must match the domain you're verifying; an email on a different domain won't work.

3. Click "Send Verification Email."

4. Go to the inbox of the email address you entered and look for the verification email from Mailvo.

5. Click the verification link in that email, and your domain will be verified.

Once verified, Mailvo will show you the DNS records you need to add, and you can proceed with the rest of this guide.

Don't have a mailbox on your domain? Just open a support ticket with us and we'll verify the domain on our end for you. This also applies if you're running into any issues with the verification email not arriving or the link not working.

Domain authentication

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to every email you send. When a receiving server gets your email, it checks this signature against a public key published in your DNS records. If the signature matches, the server knows the email actually came from you and wasn't altered in transit. Think of it as a tamper-proof seal on your messages.

The record you're adding:

• Record type: CNAME

• Host/Name: mp1._domainkey

• Value: dkim.ourmailsender.com

---

How to add or edit it — by DNS provider:

Cloudflare

1. Log in to your Cloudflare dashboard and select your domain.

2. Go to DNS → Records.

3. Look for an existing CNAME record with mp1._domainkey as the name.

4. If one exists, click Edit and update the target to dkim.ourmailsender.com.

5. If none exists, click "Add record," set the type to CNAME, enter mp1._domainkey in the Name field, and paste dkim.ourmailsender.com in the Content field.

6. Make sure Proxy status is set to "DNS only" (grey cloud).

7. Click Save.

Namecheap

1. Log in to Namecheap → Domain List → Manage → Advanced DNS.

2. Look for an existing CNAME record with mp1._domainkey as the host.

3. If one exists, click the pencil icon to edit and update the value to dkim.ourmailsender.com.

4. If none exists, click "Add New Record," select CNAME, enter mp1._domainkey in the Host field, and paste dkim.ourmailsender.com in the Value field.

5. Leave TTL as Automatic.

6. Click the green checkmark to save.

GoDaddy

1. Log in to GoDaddy → My Products → DNS.

2. Look through your CNAME records for one with mp1._domainkey as the name.

3. If one exists, click the pencil icon and update the value to dkim.ourmailsender.com.

4. If none exists, click "Add," select CNAME as the record type, enter mp1._domainkey in the Name field (GoDaddy auto-appends your domain, so don't include it), and paste dkim.ourmailsender.com in the Value field.

5. Set TTL to 1 Hour or the default.

6. Click Save.

---

Important: If you're setting this up on a subdomain, that subdomain MUST have its own DKIM record. It does not inherit DKIM from your root domain.

SPF (Sender Policy Framework)

SPF tells receiving mail servers which servers are authorized to send emails on behalf of your domain. When an email arrives, the receiving server checks your domain's SPF record to see if the sending server is on the approved list. If it's not, the email is more likely to be flagged as spam or rejected entirely.

Before you add a new record — check if you already have one:

This is critical. Your domain can only have one SPF record. If you already have an SPF record and you add a second one, both will break and none of your email authentication will work. So before doing anything, check your existing DNS records for a TXT record that starts with v=spf1.

• If you don't have one, create a new TXT record with the value below.

• If you already have one, don't create a new record. Instead, edit the existing one and add the Mailvo include value into it (before the ~all at the end).

The SPF record you need:

v=spf1 include:spf_234mailvio.ourmailsender.com ~all

If you're combining it with other services (like Google Workspace, Microsoft 365, etc.), it would look something like this (and that would already be there for you to copy inside Mailvio):

v=spf1 include:_spf.google.com include:spf_234mailvio.ourmailsender.com ~all

The key rule: all your include: statements go in the middle, and ~all appear only ONCE, at the very end. Never add ~all twice.

---

⚠️ Important! Remove the old include if you see it:

Some accounts may have an older SPF, including one that looks like this:

include:spf.ourmailsender.com

If you see this in your current SPF record, remove it. This is an outdated value from our side. 

include:spf_234mailvio.ourmailsender.com

So if your record currently looks like this:

v=spf1include:spf_234mailvio.ourmailsender.com include:spf.ourmailsender.com ~all

Change it to:

v=spf1 include:spf_234mailvio.ourmailsender.com ~all

---

How to add or edit it — by DNS provider:

Cloudflare

1. Log in to Cloudflare and select your domain.

2. Go to DNS → Records.

3. Look for an existing TXT record starting with v=spf1.

4. If one exists, click Edit and add include:spf_234mailvio.ourmailsender.com before the ~all. If the old include:spf.ourmailsender.com is there, remove it.

5. If none exists, click "Add record," set type to TXT, set Name to @, and paste the full SPF value.

6. Click Save.

Namecheap

1. Log in to Namecheap → Domain List → Manage → Advanced DNS.

2. Look for an existing TXT record with v=spf1 in the value.

3. If one exists, click the pencil icon to edit. Add the Mailvo include before ~all and remove the old one if present.

4. If none exists, click "Add New Record," select TXT, set Host to @, and paste the full SPF value.

5. Click the green checkmark to save.

GoDaddy

1. Log in to GoDaddy → My Products → DNS.

2. Look through your TXT records for one starting with v=spf1.

3. If one exists, click the pencil icon, update the value by adding the Mailvo include before ~all, and remove the old include if it's there.

4. If none exists, click "Add," select TXT, set Name to @, and paste the full SPF value.

5. Set TTL to 1 Hour and click Save.

---

Important: Just like DKIM, subdomains MUST have their own SPF record. Your root domain's SPF record does not cover subdomains. DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC ties your SPF and DKIM setup together by telling receiving servers what to do when an email fails authentication, and it gives you visibility into what's happening with your domain's email traffic through reports. The end goal here is a reject policy, which means any email that fails authentication gets rejected outright. This is the strongest protection against spoofing and phishing using your domain.

Before you start, make sure of this first:

DMARC only works properly if SPF and DKIM are already set up and working. Before touching DMARC, confirm that every platform you use to send email (Mailvo, Google Workspace, Microsoft 365, your CRM, transactional email service, any other ESP, etc.) is included in your SPF record. If you miss one, legitimate emails from that platform will start failing once you move to a reject policy.

---

Step 1: Set up DMARC monitoring with Postmark

Before going straight to reject, you'll start with a monitoring-only policy so you can see what's happening with your domain's email first. This is important, and it lets you catch any misconfigurations before they cause real emails to bounce.

1. Go to Postmark's DMARC Monitoring Tool.

2. Enter your email address.

3. Enter your domain name.

4. Click "Get Started for Free."

Postmark will generate a DMARC record for you that looks something like this:

v=DMARC1; p=none; pct=100; rua=mailto:re+youruniqueid@dmarc.postmarkapp.com; sp=none; aspf=r;

This is a p=none policy & it doesn't block anything. It just monitors and sends you weekly reports showing how your domain is performing: whether emails are passing or failing SPF/DKIM alignment, if anyone is spoofing your domain, and if any of your legitimate sending platforms are misconfigured.

---

Step 2: Upgrade to a reject policy with forensic reporting

Now it's time to upgrade to a reject policy.

Take your Postmark-generated DMARC record and use ChatGPT or any LLM you prefer. Give it a simple prompt: ask it to change the policy from none to reject, change the subdomain policy (sp) from none to reject, and add a ruf (forensic reporting) tag pointing to the same Postmark email address.

Your final DMARC record should look something like this:

v=DMARC1; p=reject; pct=100; rua=mailto:re+youruniqueid@dmarc.postmarkapp.com; ruf=mailto:re+youruniqueid@dmarc.postmarkapp.com; sp=reject; aspf=r;

Here's what changed and why:

• p=reject — Emails that fail authentication get rejected, not just monitored.

• sp=reject — Same reject policy applies to subdomains.

• ruf=mailto:... — Adds forensic reports, which give you detailed failure data on individual emails, not just aggregate summaries.

---

Before you add the record — check if you already have one:

Look through your DNS for a TXT record with the host/name _dmarc. If one already exists, don't create a second one; just edit the existing record and replace the value entirely with your new DMARC record. Most likely the old one has p=none or p=reject without the reporting tags. Just having p=none or p=reject by itself isn't enough; you need the full record with rua and ruf reporting set up.

The record you're adding:

• Record type: TXT

• Host/Name: _dmarc

• Value: Your final DMARC record from Step 2

---

How to add or edit it — by DNS provider:

Cloudflare

1. Log in to your Cloudflare dashboard and select your domain.

2. Go to DNS → Records.

3. Look for an existing TXT record with _dmarc as the name.

4. If one exists, click Edit and replace the entire value with your final DMARC record.

5. If none exists, click "Add record," set the type to TXT, enter _dmarc in the Name field, and paste your full DMARC record in the Content field.

6. Click Save.

Namecheap

1. Log in to Namecheap → Domain List → Manage → Advanced DNS.

2. Look for an existing TXT record with _dmarc as the host.

3. If one exists, click the pencil icon to edit and replace the value with your final DMARC record.

4. If none exists, click "Add New Record," select TXT, enter _dmarc in the Host field, and paste your full DMARC record in the Value field.

5. Leave TTL as Automatic.

6. Click the green checkmark to save.

GoDaddy

1. Log in to GoDaddy → My Products → DNS.

2. Look through your TXT records for one with _dmarc as the name.

3. If one exists, click the pencil icon and replace the value with your final DMARC record.

4. If none exists, click "Add," select TXT, enter _dmarc in the Name field (GoDaddy auto-appends your domain), and paste your full DMARC record in the Value field.

5. Set TTL to 1 Hour or the default.

6. Click Save.

---

Important: DMARC should be one of the last DNS records you add. Set up SPF and DKIM first, verify they're working, then add DMARC.

Whitelabel Tracking & CDN Subdomain

When you send emails through Mailvo, open and click tracking links default to generic Mailvo URLs. Whitelabel tracking replaces those with your own branded subdomain, so your recipients see links under your domain instead of a third-party one. This improves both deliverability and trust; email providers and recipients are more likely to trust links that match your sending domain.

The CDN subdomain works similarly, but for images and assets in your emails. Instead of loading from a generic CDN, your images load through a subdomain on your domain, which keeps everything consistent and branded.

You're adding two CNAME records here.

---

Record 1 — Tracking Subdomain

• Record type: CNAME

• Host/Name: mptrack

• Value: api.ourmailsender.com

This handles open and click tracking under your own domain.

Record 2 — CDN Subdomain

• Record type: CNAME

• Host/Name: mpcdn

• Value: cdn1.ourmailsender.com

This serves your email images and assets through a CDN on your own domain.

---

How to add or edit — by DNS provider:

Cloudflare

1. Log in to your Cloudflare dashboard and select your domain.

2. Go to DNS → Records.

3. Click "Add record" for each one:

• First record: Type = CNAME, Name = mptrack

• Target = api.ourmailsender.com

• Set Proxy status to "DNS only" (grey cloud).

• Second record: Type = CNAME, Name = mpcdn

• Target = cdn1.ourmailsender.com

• Set Proxy status to "DNS only" (grey cloud).

4. Click Save after each.

Namecheap

1. Log in to Namecheap → Domain List → Manage → Advanced DNS.

2. "Add New Record" for each:

• First: Type = CNAME, Host = mptrack, Value = api.ourmailsender.com

• Second: Type = CNAME, Host = mpcdn, Value = cdn1.ourmailsender.com

3. Leave TTL as Automatic for both.

4. Click the green checkmark to save each.

GoDaddy

1. Log in to GoDaddy → My Products → DNS.

2. Click "Add" for each:

• First: Type = CNAME, Name = mptrack, Value = api.ourmailsender.com.

• Second: Type = CNAME, Name = mpcdn, Value = cdn1.ourmailsender.com.

3. Set TTL to 1 Hour or the default for both.

4. Click Save after each.

Custom MX (Mail Exchange) Records

Custom MX lets your emails appear as if they're originating directly from your domain instead of from Mailvo. This is a separate setup from your root domain's mail configuration. These records go on a subdomain (mpmail) specifically for Mailvo's sending infrastructure.

You're adding three records here: one MX record, one CNAME record for DKIM on the subdomain, and one TXT record for SPF on the subdomain.

The records you're adding:

Record 1 — MX Record

• Record type: MX

• Host/Name: mpmail

• Value: mail.ourmailsender.com

• Priority: 10 

Record 2 — CNAME Record (DKIM for the subdomain)

• Record type: CNAME

• Host/Name: mp1._domainkey.mpmail

• Value: dkim.ourmailsender.com

Record 3 — TXT Record (SPF for the subdomain)

• Record type: TXT

• Host/Name: mpmail

• Value: v=spf1 include:spf_234mailvio.ourmailsender.com ~all

How to add them — by DNS provider:

Cloudflare

1. Log in to your Cloudflare dashboard and select your domain.

2. Go to DNS → Records.

3. Click "Add record" and add each of the three records above:

• First: Type = MX, Name = mpmail, Mail server = mail.ourmailsender.com, Priority = 10

• Second: Type = CNAME, Name = mp1._domainkey.mpmail, Target = dkim.ourmailsender.com. Set Proxy status to "DNS only" (grey cloud).

• Third: Type = TXT, Name = mpmail, Content = v=spf1 include:spf_234mailvio.ourmailsender.com ~all.

4. Click Save after each.

Namecheap

1. Log in to Namecheap → Domain List → Manage → Advanced DNS.

2. Add each of the three records:

• First: Go to Mail Settings and then click "Add New Record," select MX Record, Host = mpmail, Value = mail.ourmailsender.com, Priority = 10

• Second: Select CNAME Record, Host = mp1._domainkey.mpmail, Value = dkim.ourmailsender.com.

• Third: Select TXT Record, Host = mpmail, Value = v=spf1 include:spf_234mailvio.ourmailsender.com ~all.

3. Leave TTL as Automatic for all three.

4. Click the green checkmark to save each.

GoDaddy

1. Log in to GoDaddy → My Products → DNS.

2. Click "Add" for each of the three records:

• First: Type = MX, Name = mpmail, Value = mail.ourmailsender.com, Priority = 10

• Second: Type = CNAME, Name = mp1._domainkey.mpmail, Value = dkim.ourmailsender.com.

• Third: Type = TXT, Name = mpmail, Value = v=spf1 include:spf_234mailvio.ourmailsender.com ~all.

3. Set TTL to 1 Hour or the default for all three.

4. Click Save after each.

Why does this subdomain need its own SPF and DKIM?

Because subdomains do not inherit authentication records from the root domain. The mpmail subdomain is its own sending identity, so it needs its own SPF and DKIM to pass authentication checks. 

Setting up Custom MX on a subdomain?

If you're configuring Mailvo on a subdomain (for example, mail.yourdomain.com instead of yourdomain.com), the Mailvo dashboard will show the same record hosts as it does for a root domain mpmail, mp1._domainkey.mpmail, etc. But you need to manually prepend your subdomain to each of these hosts when adding them to your DNS.

So if your sending domain is mail.yourdomain.com, your records would look like this:

• MX record host: mail.mpmail (instead of just mpmail)

• CNAME record host: mail.mp1._domainkey.mpmail (instead of just mp1._domainkey.mpmail)

• TXT record host: mail.mpmail (instead of just mpmail)

The values/targets stay the same, only the host/name changes.

Note: This is a known limitation on our side. The Mailvo dashboard currently doesn't automatically adjust these hosts for subdomains; it shows them as if you're setting up a root domain. We're working on fixing this, but for now, just remember to add your subdomain prefix to each host manually.

A Note on Subdomains

If you're setting up email sending on a subdomain (like mail.yourdomain.com or newsletter.yourdomain.com), there's one thing you absolutely need to understand: subdomains do not inherit any authentication records from your root domain. None of them.

Your root domain's SPF record doesn't apply to your subdomain. Your root domain's DKIM doesn't cover it either. DMARC, Custom MX, Whitelabel tracking, none of it carries over.

Every subdomain is treated as its own separate sending identity. That means if you've already gone through this entire guide for yourdomain.com and now you want to send from mail.yourdomain.com, you need to go through the full setup again: SPF, DKIM, DMARC, Custom MX, and Whitelabel tracking — specifically for that subdomain.

The records will look mostly the same, but the host/name fields will change to reflect the subdomain. Mailvo will generate the correct values for you when you add the subdomain in your dashboard, but as mentioned in the Custom MX section above, double-check that the hosts are prefixed correctly since the dashboard doesn't always adjust them automatically for subdomains yet.

Verifying Your Records

Once you've added all your DNS records, it's time to verify everything is working. As you go through the Mailvo setup flow, you'll click "Continue" after each step, and at the final step, you'll click "Continue and Verify Records."

Mailvo will check your records and show you the status of each one:

• SPF and DKIM records — verified

• DMARC record — verified

• Tracking subdomain — verified

• CDN subdomain — verified

When all four show as verified, click "Back to Mailvo" and you should see a 10 out of 10 deliverability score, your authentication status showing as "Authenticated," and your domain showing as "Verified."

But you're not done yet.

Go back to your domain list in Mailvo. You'll see your domain with its Verification, Authentication, and Deliverability Score columns. On the far right side of your domain's row, you'll notice a small three-dot icon (⋮). Click on it. A dropdown menu will appear, and from there select "Set up MX Records."

Click on "Set up MX Records" and you'll see the three MX-related records (the MX record, the subdomain DKIM CNAME, and the subdomain SPF TXT) that we covered earlier in this guide. If you've already added them to your DNS manager, just click "Verify Records." If everything is set up correctly, the pop-up will close on its own, and the option will no longer appear. That means your MX records are verified, and you're all set.

If something isn't right, you'll see a red border around the specific record that's failing. Go back to your DNS manager, double-check that record's host and value, make sure there are no typos or extra spaces, and try verifying again. Remember, DNS propagation can take a few hours, so if you just added the records, give it some time before retrying.

You're All Set!

Congratulations! Your domain is now fully authenticated with Mailvo. You've got SPF, DKIM, DMARC, Custom MX, and Whitelabel tracking all configured, verified, and ready to go. Your emails will now send with the best possible deliverability and full brand consistency.

If you have any questions, run into any issues, or feel like something might be missing, don't hesitate to reach out. 

Open a support ticket at support@mailvo.com and we'll be happy to help. We can also set up the entire domain authentication for you on your behalf if you'd prefer; just let us know.

Thanks for reading, and happy sending!