SPF, DKIM and DMARC - Requirement for using a custom sender address

Note: Using a custom sender address is NOT included in the Basic plan.

✅ Start here – How to get set up, step by step

If you want to send e-mails via Ungapped using your own sender address, you first need to configure the following settings in your domain (DNS) and mail settings:

1. Create a bounce inbox

For example: mail@yourdomain.com or newsletter@yourdomain.com.
This inbox is used to receive error messages from undelivered e-mails.

2. Add an SPF record

This tells the internet that Ungapped is authorized to send e-mails on your behalf.

3. Create three DKIM records

These help verify that your e-mails are encrypted and haven’t been tampered with.

4. If you don't have one already - Add a DMARC record

This protects your domain from abuse, such as spoofing and phishing.
✔️ Once these are set up, spam filters will recognize your e-mails as legitimate – increasing the chances of reaching the inbox.

Once you’ve completed all the steps, please contact our support team (support@ungapped.com) and let us know which sender address you’d like to use. We will then verify that everything is working correctly and has been properly set up.

Set up a bounce inbox

When you send newsletters or bulk e-mails, many messages may bounce – for example, if the recipient is out of office or the e-mailaddress no longer exists. These bounces back go to the sender address you’re using.

💡 That’s why it’s smart to create a dedicated, unmanned inbox that only handles bounces – not an e-mailaddress you use for regular communication.

Does the inbox need to exist/work?

Yes! Even if it’s unmanned, it must be a real, working e-mail address.

Examples of unmanned addresses:
❌ noreply@yourdomain.com – works technically, but feels closed and impersonal
✅ mail@yourdomain.com
✅ news@yourdomain.com
✅ newsletter@yourdomain.com

We advise against using “noreply” as it can reduce open rates.
Use something more inviting – it increases the chances that recipients open your mailngs (and maybe even reply!).

✉️ A reply from a recipient is actually a good thing – it signals to their e-mail system that you’re a trusted sender, improving inbox placement in the future.

Set up SPF for your sender address

To ensure proper delivery, you need to authorize Ungapped’s servers to send e-mails in your name. This is done by adding us to your domain’s SPF settings – a kind of “allowed senders” list. It tells spam filters that your e-mail is approved by you.

If you already have an SPF record:

Add include:_spf.ungapped.io before the ~all parameter in your existing SPF record.

Example:
If you currently have:
v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com ~all
You simply add Ungapped like this:
v=spf1 a mx include:_spf.google.com include:spf.protection.outlook.com include:_spf.ungapped.io ~all

If you don’t have an SPF record:

Add a TXT record to your DNS with this value:
v=spf1 include:_spf.ungapped.io ~all

⚠️ Technical limit: If your SPF record contains too many include: entries and exceeds the 10-domain lookup limit, you may need to add Ungapped’s IP addresses directly instead.

Set up DKIM records

DKIM (DomainKeys Identified Mail) is an authentication method that allows the recipient to verify that an e-mail was actually sent and approved by the domain owner. This is done via a digital signature.

To authorize Ungapped to sign your messages, add the following CNAME records to your domain (three during the transition phase):

1. ug1._domainkey.yourdomain.com → Value: dkim.ungapped.io

2. ug2._domainkey.yourdomain.com → Value:dkim2.ungapped.io

3. (temporary) key1._domainkey.yourdomain.com → Value:dkim.ungapped.io

Validation tip:
Use MXToolbox SuperTool to check if the records are correctly set.
Some DNS providers may require a trailing dot in the value, e.g. dkim.ungapped.io.

Replace “yourdomain.com” with your actual sending domain, e.g. ug1._domainkey.EXAMPLEDOMAIN.com

Set up DMARC

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a technical standard that improves security, reduces fraud, and helps protect your domain from spam and spoofing.

Since 2024, a valid DMARC policy is required in order to send large volumes of e-mails to Gmail and Yahoo.

To set up a DMARC policy, create a TXT record for the _dmarc subdomain of your sending domain:

• Host: _dmarc.yourdomain.com

• Value: v=DMARC1; p=none;

Want to receive reports on abuse? Add a reporting address:
v=DMARC1; p=none; rua=mailto:dmarcreports@yourdomain.com

Once you’re confident that SPF and DKIM are correctly set up with all your e-mail providers, you can change p=none to p=quarantine or p=reject. This instructs recipient servers to block messages that don’t pass authentication.

Read more here: How to set up DMARC – MXToolbox

📬 Final note – Why send with your own domain/sender address?

✅ Stronger brand recognition – the recipient knows it’s you
✅ Improved deliverability – better inbox placement
✅ Lower spam risk – content and domain match
✅ Higher trust – leads to more opens and clicks