Stop Gmail from Blocking Your Domain Emails — SPF, DKIM & DMARC Setup (DreamHost, Bluehost, GoDaddy, HostGator, Google Workspace & GetResponse)

Why this matters (short)

Email providers (Gmail, Outlook, Yahoo) reject or classify messages as spam when they can’t verify who sent them. That happens when your domain lacks proper SPF and DKIM records or when DMARC isn’t set. Fixing authentication:

• Prevents bounces and blocks (e.g., Gmail's 554 5.7.26 error).
• Improves inbox placement for cold outreach and transactional mail.
• Protects your brand from spoofing and phishing.

Quick definitions — plain English

• SPF (TXT record): a DNS list of servers allowed to send mail for your domain (simple validator for "who can send").
• DKIM (CNAME or TXT): cryptographic signature added to outgoing messages; recipient verifies it using a public key in DNS (makes sure mail wasn't altered and is from your domain).
• DMARC (TXT): policy that tells receivers what to do when SPF/DKIM fail; also lets you receive reports about issues.

General workflow — the 3 steps

1. Create SPF TXT that authorizes your sending service(s).
2. Add DKIM records provided by the platform that actually sends your mail (GetResponse, MailChannels, Google Workspace, etc.).
3. Add DMARC so you can monitor failures and move to stricter policies once things are healthy.

Basic example records (copy/paste)

Start with these examples. Replace any domain-specific selectors your provider gives you.

SPF (TXT)

Type: TXT
Name: @
Value: v=spf1 include:mailchannels.net ~all

DKIM (example CNAME for a platform)

Type: CNAME
Name: selector1._domainkey
Value: selector1-yourprovider-com._domainkey.provider.com

DMARC (TXT)

Type: TXT
Name: _dmarc
Value: v=DMARC1; p=none; rua=mailto:you@yourdomain.com

Note: replace provider and selectors with the exact values shown by your email service provider dashboard.

Provider-specific instructions

DreamHost (common for small businesses)

1. Login to DreamHost → Websites → Manage Websites → DNS Records.
2. Add SPF TXT: copy the SPF example above (or include other providers if needed):
   v=spf1 include:mailchannels.net ~all
3. Enable DKIM from DreamHost panel if you use DreamHost mail: Mail → Manage Email → Edit your mailbox → Enable DKIM. DreamHost will auto-add the proper DKIM records.
4. Add DMARC TXT as shown above.

If you send via a third-party (e.g., GetResponse) add their include: to the SPF (see GetResponse section below).

Bluehost (cPanel)

1. Login to Bluehost → Advanced → Zone Editor or Email → Email Deliverability.
2. SPF: Add TXT record: v=spf1 include:spf.protection.outlook.com include:bluehost.com ~all (adjust for your sending service).
3. DKIM: In cPanel → Email Deliverability or "Authenticate Email", enable DKIM; Bluehost will display the CNAME/TXT values to paste.
4. DMARC: Add the same DMARC TXT record.

GoDaddy

1. Log in → My Products → DNS → Manage DNS for your domain.
2. SPF: Add a TXT record. Example for Office 365 users: v=spf1 include:spf.protection.outlook.com -all.
3. DKIM: If using Office 365 / Microsoft 365, enable DKIM from Microsoft 365 Admin Center and add the two CNAME records GoDaddy will host.
4. DMARC: Add TXT record _dmarc with value like the example above.

HostGator (cPanel)

1. Login → Domains → DNS Zone Editor or cPanel → Email Deliverability.
2. SPF: Add the TXT record; HostGator often uses include:websitewelcome.com in legacy setups — but prefer explicit service includes (MailChannels, SendGrid, etc.).
3. DKIM: Use cPanel Email Deliverability to generate/apply DKIM.
4. DMARC: Add the DMARC TXT.

Google Workspace (Gmail for business)

1. Admin Console → Apps → Google Workspace → Gmail → Authenticate email (DKIM).
2. SPF: Ensure your TXT includes Google’s SPF: v=spf1 include:_spf.google.com ~all.
3. DKIM: Google will give you a TXT/CNAME selector to publish; add it via your DNS host.
4. DMARC: Add the DMARC TXT.

GetResponse (popular email marketing platform)

If you send campaigns through GetResponse, authenticate the sending domain in GetResponse first — they will give you DKIM CNAME (or TXT) values and instruct you to add SPF include for GetResponse.

SPF: v=spf1 include:_spf.getresponse.com include:mailchannels.net ~all

DKIM: (Add the CNAME GetResponse provides, e.g.)
gr._domainkey.yourdomain.com  →  gr._domainkey.getresponse.com

After adding, return to GetResponse and click Verify / Authenticate in their dashboard.

Testing & verification

After DNS changes, wait 30–60 minutes, then run these checks:

• MXToolbox SPF check
• MXToolbox DKIM check
• Mail-Tester — send a test and inspect score & headers
• Send a test to check-auth@verifier.port25.com for a detailed auth report

Troubleshooting common problems

• “SPF did not pass” — your sending server isn’t included in the SPF record. Add the appropriate include: (e.g., mailchannels.net, _spf.getresponse.com, outlook.com).
• “DKIM did not pass” — wrong selector or missing CNAME; copy the DKIM values exactly from your provider.
• Multiple SPF TXT records — combine them into a single TXT entry; having more than one will break SPF.
• Propagation delay — DNS caching may take up to several hours; test after 1–2 hours and again later.

Example: Fixing a real bounce

Typical bounce message from Gmail:

554 5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
SPF [yourdomain.com] = did not pass
DKIM = did not pass

Solution: add SPF that authorizes the server listed in the bounce (e.g., mailchannels.net) and enable DKIM for the sending system. Then re-send.

Checklist you can follow

Need help? We can set this up for you

If you’d prefer to avoid DNS panels and testing yourself, SuperTek Services can set this up and verify deliverability for your sending stack (Outlook/SMTP, GetResponse, MailChannels). We also help configure email warm-up so your outreach lands in inboxes.

Contact: feedback@supertekservices.com • Call: 951-897-0001