---
title: "A Complete Guide to Configuring SPF & DKIM for Mailigen (and Why It Matters) | AutoSPF"
description: "In the fast-paced digital world, your inbox is both a critical communication channel and a major point of vulnerability."
image: "https://autospf.com/og/blog/a-complete-guide-to-configuring-spf-and-dkim-for-mailigen.png"
canonical: "https://autospf.com/blog/a-complete-guide-to-configuring-spf-and-dkim-for-mailigen/"
---

Quick Answer

In the fast-paced digital world, your inbox is both a critical communication channel and a major point of vulnerability. Every day, millions of legitimate emails are sent - but alongside them, malicious actors attempt to impersonate legitimate companies and domains. That’s where email authentication steps in.

## Try Our Free DKIM Lookup

Auto-discover DKIM selectors for any domain.

[ Discover DKIM Selectors → ](/tools/dkim-lookup/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fautospf.com%2Fblog%2Fa-complete-guide-to-configuring-spf-and-dkim-for-mailigen%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=A%20Complete%20Guide%20to%20Configuring%20SPF%20%26%20DKIM%20for%20Mailigen%20%28and%20Why%20It%20Matters%29&url=https%3A%2F%2Fautospf.com%2Fblog%2Fa-complete-guide-to-configuring-spf-and-dkim-for-mailigen%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fautospf.com%2Fblog%2Fa-complete-guide-to-configuring-spf-and-dkim-for-mailigen%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fautospf.com%2Fblog%2Fa-complete-guide-to-configuring-spf-and-dkim-for-mailigen%2F&title=A%20Complete%20Guide%20to%20Configuring%20SPF%20%26%20DKIM%20for%20Mailigen%20%28and%20Why%20It%20Matters%29 "Share on Reddit") [ ](mailto:?subject=A%20Complete%20Guide%20to%20Configuring%20SPF%20%26%20DKIM%20for%20Mailigen%20%28and%20Why%20It%20Matters%29&body=Check out this article: https%3A%2F%2Fautospf.com%2Fblog%2Fa-complete-guide-to-configuring-spf-and-dkim-for-mailigen%2F "Share via Email") 

![Configuring SPF & DKIM](https://media.mailhop.org/autospf/images/2025/12/spf-record-checker-6321.jpg) 

In the fast-paced digital world, your inbox is both a critical communication channel and a major point of vulnerability. Every day, millions of legitimate emails are sent - but alongside them, malicious actors attempt to impersonate legitimate companies and domains. That’s where [email authentication](/blog/spf-record-explained-understanding-email-authentication-for-your-domain/) steps in.

_DKIM ([RFC 6376](https://datatracker.ietf.org/doc/html/rfc6376)) signs email messages cryptographically, and unlike SPF, the signature survives email forwarding - which is why DMARC alignment via DKIM is more reliable than SPF alignment for forwarded mail and mailing lists._

Today, we’ll walk you through how to configure SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) for Mailigen - a popular email marketing platform - to ensure your messages are trusted, delivered, and safe from spoofing or [spam filters](https://www.techtarget.com/searchsecurity/definition/spam-filter). This guide goes beyond a simple checklist. We explain _why_ these things matter and _how_ they work under the hood so you can confidently secure your mail streams. 

## Why Email Authentication Matters

Before diving into setup, let’s talk about the big picture.

_Modern email systems don’t just trust a “From” address anymore - that address can be easily spoofed_. Instead, mail receivers apply a set of authentication protocols to determine whether a message _actually came from who it claims to._ Two of the core building blocks of authentication are SPF and DKIM.

Together with DMARC (Domain-based Message Authentication, Reporting & Conformance), SPF and DKIM help:

- Prove that emails came from authorized servers
- Protect your domain from abuse and impersonation
- Improve inbox deliverability
- Reduce the chance of ending up in spam folders

Understanding the _function_ and _purpose_ of each is an investment in your brand’s reputation and email security.

## What Is SPF - The First Line of Defense?

Sender Policy Framework (SPF) is a DNS-based security protocol that lets domain owners specify which [mail servers](https://www.cloudflare.com/learning/email-security/what-is-a-mail-server/) are permitted to send email on their behalf.

Think of SPF like a whitelist of valid senders. When a mail server (like Gmail, Outlook, Yahoo, etc.) receives an email, it:

1. Looks up your [SPF record](/blog/spf-records-in-dns-a-complete-guide-for-email-security/) in DNS
2. Checks if the sending server’s IP matches an approved source
3. Determines whether to accept, flag, or reject the email
![Email authentication](https://media.mailhop.org/autospf/images/2025/12/spf-record-syntax-4996.jpg) 

If an email is _not_ sent from an authorized source, SPF fails - and that email may be marked as spam, deferred, or blocked entirely.

Setting SPF correctly is essential, but it’s also something that can be misconfigured if not carefully managed - especially when multiple services send mail on your behalf.

## What Is DKIM - Securing Email Integrity?

DomainKeys Identified Mail (DKIM) adds a cryptographic signature to your emails.

When you send mail, your server (or your ESP, like Mailigen) signs the outgoing message with a [private key](https://www.techtarget.com/searchsecurity/definition/private-key). The recipient’s email server fetches the corresponding [public key](https://www.investopedia.com/terms/p/public-key.asp) from your DNS and verifies the signature.

If the signature matches:

- The message _truly came from the source it claims_
- The message has _not been altered in transit_

This is crucial in preventing tampering and proving authenticity.

DKIM doesn’t check _which servers are authorized_ to send mail - it checks _whether the message was signed using your domain’s key_. That’s why it works so well alongside SPF and DMARC.

## So What About Mailigen?

Mailigen is an email marketing platform that businesses use to design, schedule, and send campaigns. But like all third-party senders, it needs a way to prove that it is legitimately sending emails _on behalf of your domain_.

Without proper SPF or [DKIM configuration](https://www.zoho.com/mail/help/adminconsole/dkim-configuration.html), mail receivers don’t have enough verification data - which can lead to:

- Emails getting lost in spam folders
- Messages being marked as suspicious
- DMARC failures due to lack of alignment between headers and authentication
![email security](https://media.mailhop.org/autospf/images/2025/12/spf-record-tester-1227.jpg) 

Let’s look at how to configure both SPF and DKIM correctly. 

## Step-by-Step: Configuring SPF for Mailigen

### 1\. Review Existing SPF Records

Before you add anything new, check whether your domain already has an SPF record. A domain can _only have one SPF record_, and having more than one can cause a “PermError,” meaning SPF checks break entirely.

In DNS, SPF records look like this:

```
v=spf1 include:spf.service1.com include:spf.service2.com ~all
```

Every service that sends mail on your domain’s behalf must be included here, either by IP or include statement.

### 2\. Why Mailigen’s Default SPF Isn’t Enough

Mailigen provides an SPF source - typically something like:

include:spf.mailigen.com

However, at the time of writing, that SPF source is essentially an _empty entry_ and doesn’t actually help your mail pass SPF checks if it’s the only thing in your SPF record.

[AutoSPF](/) recommends against relying solely on this record because it doesn’t increase deliverability or authentication trust on its own. 

### 3\. Building a Strong SPF Record

Here’s what a good, combined SPF record might look like if you use multiple services:

v=spf1 include:spf.google.com include:\_spf.mailchimp.com ip4:203.0.113.5 \~all

Key points:

- Only _one_ SPF record per domain
- Include every trusted sending source
- Use \~all for soft fail during testing, and consider switching to -all (hard fail) once everything is validated

## Step-by-Step: Configuring DKIM for Mailigen

### 1\. Log into Mailigen

Start by signing in to your Mailigen dashboard.

1. Go to the Email Authentication section, this may be under settings or domain manager depending on UI updates.
2. Choose Add a Domain.
3. Enter the domain you want to authenticate.

Once that’s done, Mailigen will provide your DKIM DNS records. 

2\. Publish the DKIM Record in Your DNS

Mailigen will generate a selector and a key value - these come in a format like:

Name/Host: selector.\_domainkey.yourdomain.com

Value: (long DKIM public key string)

In your DNS provider’s panel:

1. Create a TXT record
2. Set the Host/Name to the selector provided
3. Paste the DKIM key into the Value field
4. Save and publish the record
![Email deliverabilty](https://media.mailhop.org/autospf/images/2025/12/spf-validator-0841.jpg) 

### 3\. Validate DKIM Publication

Propagation can take anywhere from a few minutes up to 48 hours (depending on TTL settings), but once the DNS change takes effect, you _should_ see DKIM signatures pass on outgoing mail. Many [DNS providers](https://auq.io/knowledge-base/what-is-a-dns-provider/) and mail tools offer built-in validation - you can also use third-party DMARC/Email authentication checkers to confirm things are working.

### 4\. DKIM + SPF = Better DMARC Alignment

Remember: DMARC looks at alignment - not just authentication.

- SPF alignment means the _return-path domain_ matches your “From” domain
- DKIM alignment means the _signed domain_ matches your “From” domain

If either SPF or DKIM passes alignment, DMARC will consider the message legitimate - so having both provides redundancy and better security.

Beyond SPF & DKIM: Best Practices

### 1\. Use DMARC for Enforcement Too

Even after SPF and DKIM are set, you’ll want to configure a DMARC record so you can:

- Monitor authentication results
- Receive reports about who is sending mail for your domain
- Enforce quarantine or reject for [suspicious messages](https://www.nbcnews.com/tech/security/text-scam-phone-sms-hack-message-fake-transaction-call-new-york-rcna243349)

A simple DMARC record might look like:

```
v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com
```

This lets you collect reports without affecting flow. Once you’re confident everything is valid, consider switching to quarantine or reject to enforce policy. 

![Suspicious message](https://media.mailhop.org/autospf/images/2025/12/spf-flattening-5114.jpg) 

### 2\. Don’t Use “+all” in SPF

The +all mechanism tells receivers to trust _any_ sending source - effectively disabling SPF. It’s a dangerous configuration that should never be used. Instead, stick with \~all (soft fail) or -all (hard fail) once you’re confident your SPF is correct. 

### 3\. Rotate DKIM Keys Periodically

Using stronger, [rotated keys](https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/KMS/key-rotation-enabled.html) (2048-bit or more) and updating them regularly improves security. Many mail providers help automate this - if not, you can generate new keys and update the DNS as needed.

![Vishal Lamba](https://media.mailhop.org/autospf/images/authors/vishal-lamba.jpg) 

[ Vishal Lamba ](/authors/vishal-lamba/) 

Content Specialist

Content Specialist at AutoSPF. Writes vendor-specific SPF configuration guides and troubleshooting walkthroughs.

[LinkedIn Profile →](https://www.linkedin.com/in/vishal-lamba/) 

## Ready to get started?

Try AutoSPF free — no credit card required.

[ Book a Demo ](/book-a-demo/) 

## Related Articles

[  Intermediate 6m  10 Reasons Why DIY-ing SPF isn’t a Good Choice for Companies  Apr 4, 2024 ](/blog/10-reasons-diy-ing-spf-isnt-good-choice-for-companies/)[  Intermediate 5m  The 12.4 billion shield for your email communications: Why DMARC software is the unsung hero in the war against phishing actors!  Nov 19, 2025 ](/blog/12-4-billion-dmarc-software-shield-protecting-email-from-phishing-actors/)[  Intermediate 3m  3 points to consider before setting your SPF record to -all (HardFail)  May 22, 2025 ](/blog/3-points-to-consider-before-setting-your-spf-record-hardfail/)[  Intermediate 3m  5 key contributors to the development of the Sender Policy Framework  Nov 12, 2024 ](/blog/5-key-contributors-to-sender-policy-framework-development/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"AutoSPF","url":"https://autospf.com","description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","publisher":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"A Complete Guide to Configuring SPF & DKIM for Mailigen (and Why It Matters)","description":"In the fast-paced digital world, your inbox is both a critical communication channel and a major point of vulnerability.","url":"https://autospf.com/blog/a-complete-guide-to-configuring-spf-and-dkim-for-mailigen/","datePublished":"2025-12-25T17:52:32.000Z","dateModified":"2026-04-18T02:36:41.000Z","dateCreated":"2025-12-25T17:52:32.000Z","author":{"@type":"Person","@id":"https://autospf.com/authors/vishal-lamba/#person","name":"Vishal Lamba","url":"https://autospf.com/authors/vishal-lamba/","jobTitle":"Content Specialist","description":"Vishal Lamba writes AutoSPF's how-to guides and vendor-specific configuration walkthroughs. His work focuses on step-by-step implementation guides for major email platforms (Google Workspace, Microsoft 365, SendGrid, Mimecast, Proofpoint, Brevo, and others), troubleshooting common SPF errors, and translating RFC-level specifications into practical deployment procedures for IT administrators.","image":"https://media.mailhop.org/autospf/images/authors/vishal-lamba.jpg","knowsAbout":["SPF Vendor Configuration","Email Platform Integrations","SPF Troubleshooting","Technical Documentation","Step-by-Step Guides"],"worksFor":{"@type":"Organization","name":"AutoSPF","url":"https://autospf.com"},"sameAs":["https://www.linkedin.com/in/vishal-lamba/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com","logo":{"@type":"ImageObject","url":"https://autospf.com/images/autospf-logo.png"},"description":"Automatic SPF flattening and email authentication management. Resolve SPF lookup limits, flatten SPF records, and maintain email deliverability across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138897474","https://www.linkedin.com/company/autospf","https://x.com/autospf01","https://www.g2.com/products/autospf/reviews"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://autospf.com/contact-us/"},"knowsAbout":["SPF Record Flattening","Sender Policy Framework","Email Authentication","DNS Management","DMARC","DKIM"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://autospf.com/blog/a-complete-guide-to-configuring-spf-and-dkim-for-mailigen/"},"articleSection":"intermediate","keywords":"","wordCount":1254,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/autospf/images/2025/12/spf-record-checker-6321.jpg","caption":"Configuring SPF & DKIM","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://autospf.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://autospf.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://autospf.com/intermediate/"},{"@type":"ListItem","position":4,"name":"A Complete Guide to Configuring SPF & DKIM for Mailigen (and Why It Matters)","item":"https://autospf.com/blog/a-complete-guide-to-configuring-spf-and-dkim-for-mailigen/"}]}
```