Skip to main content
Intermediate 6 min read

Mailjet SPF and DKIM Setup: A Complete Deliverability Guide by AutoSPF

VL
Vishal Lamba Content Specialist
Updated April 7, 2026 | Updated for 2026

Quick Answer

Email deliverability is not a guessing game. When organizations use third-party email platforms like Mailjet, proper SPF and DKIM configuration becomes a non-negotiable requirement for inbox placement, brand trust, and domain reputation. At AutoSPF, we routinely see legitimate Mailjet emails fail authentication—not because Mailjet is misconfigured, but because SPF and DKIM were implemented incorrectly at the DNS level.

Related: Free DKIM Lookup ·Free DMARC Checker ·How to Create an SPF Record

Share
SPF and DKIM Setup

Try Our Free DKIM Lookup

Auto-discover DKIM selectors for any domain — scan 185 common selectors across all major providers.

Discover DKIM Selectors →

Email deliverability is not a guessing game. When organizations use third-party email platforms like Mailjet, proper SPF and DKIM configuration becomes a non-negotiable requirement for inbox placement, brand trust, and domain reputation.

“Email deliverability starts with authentication,” says Brad Slavin, CEO of DuoCircle. “In 2026, if your SPF, DKIM, and DMARC aren’t all passing and aligned, your email goes to spam. It’s not about content anymore — receivers check authentication before they even look at what you wrote.”

DKIM (RFC 6376) signs email messages cryptographically, and unlike SPF, the signature survives email forwarding — which is why DMARC alignment via DKIM is more reliable than SPF alignment for forwarded mail and mailing lists.

At AutoSPF, we routinely see legitimate Mailjet emails fail authentication—not because Mailjet is misconfigured, but because SPF and DKIM were implemented incorrectly at the DNS level. Missing mechanisms, overwritten records, alignment issues, and lookup limits are all common culprits.

This guide walks through how to correctly set up SPF and DKIM for Mailjet, explains why each step matters, and highlights the most common mistakes that silently harm delivery. Whether you manage one domain or hundreds, this guide will help you get it right the first time.

Why SPF and DKIM Matter for Mailjet Email Sending

Mailjet is a high-volume email service provider used for transactional and marketing emails. Because Mailjet sends email on behalf of your domain, mailbox providers must be able to verify that Mailjet is authorized to do so.

SPF and DKIM serve different but complementary purposes:

  • SPF (Sender Policy Framework) verifies which servers are allowed to send mail for your domain

  • DKIM (DomainKeys Identified Mail) verifies that the message content hasn’t been altered and is cryptographically signed by your domain

Without both:

  • Gmail may place messages in spam

  • Microsoft may throttle or block delivery

  • DMARC alignment will fail

  • Your domain reputation can degrade over time

Mailjet supports both SPF and DKIM, but DNS ownership and accuracy are entirely your responsibility.

What Is Mailjet’s Sending Architecture?

Before configuring DNS, it’s important to understand how Mailjet sends mail.

Mailjet:

  • Sends from shared or dedicated IPs

  • Signs email with DKIM keys specific to your domain

  • Uses its own sending infrastructure, which must be authorized via SPF

Because of this:

  • You must not replace your existing SPF record

  • You must add Mailjet to your existing SPF policy

  • DKIM must be enabled and verified per sending domain

This is where many SPF failures originate.

Email deliverability

How to Configure SPF for Mailjet (The Right Way)

Step 1: Locate Your Existing SPF Record

SPF records are published as TXT records at the root of your domain.

A valid SPF record always starts with:

v=spf1

Most domains already have one. If you create a second SPF record, SPF will fail entirely.

AutoSPF Tip: Only one SPF record is allowed per domain—multiple records invalidate SPF checks.

Step 2: Add Mailjet to Your SPF Record

Mailjet requires the following mechanism:

include:spf.mailjet.com

If your existing SPF record looks like this:

v=spf1 include:_spf.google.com ~all

You would update it to:

v=spf1 include:_spf.google.com include:spf.mailjet.com ~all

Do not remove other services unless you are certain they are unused.

Step 3: Validate SPF Lookup Count

SPF has a hard limit of 10 DNS lookups. Mailjet’s include consumes lookups just like Google Workspace, Microsoft 365, CRMs, and ticketing systems.

If you exceed the limit:

  • SPF returns PermError

  • Mailbox providers treat the message as unauthenticated

This is one of the most common Mailjet deliverability issues AutoSPF encounters.

AutoSPF Recommendation: Flatten or dynamically manage SPF if your domain uses multiple senders.

Email service

Step 4: Choose the Correct SPF Policy

At the end of your SPF record, you’ll see one of the following:

  • ~all (soft fail – recommended during setup)

  • -all (hard fail – stricter enforcement)

For production domains sending critical mail, -all is preferred only after verification.

How to Configure DKIM for Mailjet

Unlike SPF, DKIM requires domain-specific cryptographic keys published in DNS.

Mailjet supports DKIM signing, but you must enable it manually.

Step 1: Add and Verify Your Sending Domain in Mailjet

In the Mailjet dashboard:

  1. Navigate to Sender Domains
  2. Add your domain (e.g., example.com)
  3. Choose Authenticate this domain

Mailjet will generate DNS records for verification.

Step 2: Publish the DKIM TXT Record

Mailjet typically provides a DKIM record in this format:

Host / Name:

mailjet._domainkey.example.com

Value:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A...

Important considerations:

  • Publish exactly as provided

  • Do not wrap or alter the public key

  • Ensure there are no extra spaces or quotation issues

DNS propagation may take up to 24 hours.

Step 3: Verify DKIM Status in Mailjet

Once DNS propagates:

  • Mailjet will confirm DKIM verification

  • Outgoing mail will be DKIM-signed using your domain

Unsigned Mailjet mail is significantly more likely to be filtered or rejected.

email spoofing

How Does SPF Compare to DKIM: Why You Need Both for Mailjet?

Some organizations mistakenly configure only SPF or only DKIM.

This is insufficient in modern email ecosystems.

Here’s why:

AuthenticationPurposeCan Be Forwarded?
SPFServer authorizationNo No
DKIMMessage integrityYes Yes

Because Mailjet emails may pass through forwarding, gateways, or security layers, DKIM is essential for preserving authentication.

When combined with DMARC, SPF and DKIM work together to:

  • Prevent spoofing

  • Improve inbox placement

  • Enable reporting and policy enforcement

DMARC Alignment Considerations for Mailjet

If your domain has a DMARC policy (p=none, quarantine, or reject), alignment matters.

To pass DMARC:

  • SPF or DKIM must pass

  • The authenticated domain must align with the “From” domain

Mailjet DKIM typically aligns automatically if configured correctly. SPF alignment may vary depending on bounce domains and configuration.

AutoSPF Insight: DKIM alignment is usually more reliable than SPF for Mailjet, which is why DKIM should never be skipped.

What Are Common Mailjet SPF & DKIM Mistakes (We See These Daily)?

No Creating Multiple SPF Records

Breaks SPF entirely.

No Replacing SPF Instead of Merging

Removes authorization for other services.

No Exceeding the 10-Lookup Limit

Results in SPF PermError.

No Publishing DKIM at the Wrong Hostname

DKIM will never verify.

No Forgetting to Enable DKIM Signing in Mailjet

DNS exists, but messages remain unsigned.

No Assuming “Delivered” Means “Authenticated”

Inbox placement depends on authentication, not just SMTP acceptance.

How AutoSPF Simplifies Mailjet Authentication

Manually managing SPF becomes unsustainable as organizations add more tools.

AutoSPF helps by:

  • Automatically merging Mailjet into existing SPF records

  • Preventing lookup limit failures

  • Continuously monitoring SPF health

  • Reducing human error during DNS changes

For teams sending through Mailjet alongside Google Workspace, Microsoft 365, CRMs, and marketing platforms, automated SPF management is the only scalable approach.

DNS Server

How Do You Verify and Monitoring Your Setup?

After configuration, always validate:

  • SPF pass

  • DKIM pass

  • DMARC alignment

Use:

  • Mailjet test sends

  • Header analysis from real inboxes

  • Ongoing DMARC reports

Authentication is not a “set and forget” task—DNS changes, vendor updates, and new tools can silently break it.

Final Thoughts from AutoSPF

Mailjet is a powerful email platform, but its effectiveness depends entirely on correct domain authentication.

A properly configured SPF and DKIM setup:

  • Protects your brand

  • Improves inbox placement

  • Enables DMARC enforcement

  • Prevents spoofing and abuse

If you take one thing away from this guide, let it be this:

SPF and DKIM are not optional when using Mailjet—and small DNS mistakes can have outsized deliverability consequences.

At AutoSPF, we help organizations remove that risk entirely by making SPF management automatic, accurate, and scalable.

Topics

DKIM DMARC SPF SPF record
VL
Vishal Lamba

Content Specialist

Content Specialist at AutoSPF. Writes vendor-specific SPF configuration guides and troubleshooting walkthroughs.

LinkedIn Profile →

Fix your SPF record in 60 seconds

Try AutoSPF free for 30 days. No credit card required.

Start Free Trial

Related Articles

Intermediate 3m

3 points to consider before setting your SPF record to -all (HardFail)

Intermediate 6m

6 Best practices for maintaining an SPF record

Intermediate 3m

Adding your SPF record to your domain provider

Intermediate 5m

Are Your SPF and DKIM Identifiers Aligned?