Why is DMARC alignment important?
📓 DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It’s an email authentication standard that helps prevent spam, spoofing, and phishing.
If your DMARC policy is strict, it requires precise alignment between your domain settings and the servers sending your emails.
If you’ve connected your email in Certifier and see a warning, or your emails are landing in spam, your domain might have a strict DMARC policy. This means your DNS settings are missing records that confirm we’re allowed to send emails on behalf of your domain, and that can hurt deliverability.
The good news? Fixing this only takes a few steps!
How to find and fix "strict DMARC policy" alert?
Go to the Emails → Sender Details section in Certifier. If we detect a strict DMARC policy on your domain, you’ll see a warning like this:
You can learn more after entering the Sender's Details:
No worries! To fix this issue, you'll just need to follow these steps:
Find the affected email in Emails → Sender Details and enter the details.
Click on the Check configuration button:
You’ll see the required DNS records (TXT and MX) for the
mail-certifier
subdomain. Here’s an example of what the records might look like:
MX Record
Host:
mail-certifier.yourcompany.com
Type: MX
Priority: 10
Value:
feedback-smtp.eu-west-1.amazonses.com
TXT Record (SPF)
Host:
mail-certifier.yourcompany.com
Type: TXT
Value:
"v=spf1 include:amazonses.com ~all"
Copy these values and add them to your DNS zone:
💡 These records won’t affect your default email sending. They only apply to the
mail-certifier
subdomain used by Certifier.After updating the DNS records, go back to the app and click Check DNS Records:
⏳ Please note that changes can take up to 72 hours to be detected.
And that's it - if everything's correct, the warning will disappear from your account!
I added the records, but the alert still appears. What to do?
If you’ve added the records, waited 72 hours, and still see the warning:
Double-check your DNS entries for typos or formatting issues.
Then, contact our support team with a screenshot of your current DNS records so we can verify and troubleshoot the setup.
I didn't get any alert, but my emails land in spam. How to fix that?
In some cases, you may not see any alert in the app, but your certificate emails are still landing in spam or being marked as unverified by recipients’ email providers.
If that’s the case, you can manually add the required records to your DNS zone to improve deliverability:
MX Record
Host:
mail-certifier.yourcompany.com
Type: MX
Priority: 10
Value:
feedback-smtp.eu-west-1.amazonses.com
TXT Record (SPF)
Host:
mail-certifier.yourcompany.com
Type: TXT
Value:
"v=spf1 include:amazonses.com ~all"
After adding the records, please contact our support team to manually verify the configuration.
💡 These records won’t affect your default email sending. They only apply to the mail-certifier
subdomain used by Certifier.
Still having deliverability issues?
If the messages are still not delivered correctly after setting up DNS records, consider the pattern:
Trouble delivering to one specific domain?
The issue may be on the recipient's side. Ask them to whitelist your domain.Trouble delivering to multiple domains?
Reach out to us again - there may be more we can help with.
Need more help?
If you still have some questions, do not hesitate to contact us via the chat icon or email us directly: [email protected]