Overview
This article helps you set up email authentication for your Access Volcanic website to ensure emails reach recipient inboxes rather than spam folders. Email authentication uses SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance) protocols to verify that SendGrid (Access Volcanic's email provider) is authorised to send emails on behalf of your domain. This significantly improves deliverability for system notifications, candidate communications, and admin messages.
Key benefits
Reduce the likelihood of email notifications being marked as spam or rejected by recipient systems.
Authenticate that emails are sent by a verified source through SendGrid.
Protect your brand reputation from spoofing and phishing attempts.
Align with industry-standard email security practices and recipient expectations.
Improve inbox placement rates for candidate notifications and system messages.
Provide better control over email delivery and reputation management.
Before you start
Before setting up email authentication, make sure you have:
Admin access to your Access Volcanic website to review sender email addresses.
Access to your domain's DNS settings through your DNS provider or IT administrator.
The correct email domain identified (the part after @ in your From email address).
Contact details for your DNS provider or internal IT team who can implement DNS changes.
β οΈ Important: Access Volcanic Support cannot make changes to your DNS records. These changes need to be completed by your DNS administrator or IT team.
Handling emails in spam or quarantine
If email notifications are missing or being treated as spam, follow these steps:
For individual recipients
Ask affected users to:
Check their Spam or Junk folder and mark messages as Not Spam.
Use Trust sender or Allow list features if available in their email client.
Add your sender email address to their personal allow list or contacts.
For corporate recipients
Business email systems often use additional filtering:
Ask recipients to check their Quarantine portal for missing messages.
Request they contact their IT team to allow-list your sending domain.
Suggest they add your domain to corporate email security settings.
π Note: Business email systems may apply stricter filtering regardless of authentication status.
Confirming your From email address
Before configuring authentication, you need to identify which domain requires authentication.
Log in to your Access Volcanic admin area as an admin user.
Click Settings in the top navigation.
Under the Site heading, select Site.
Review the From email address used for system notifications.
Note the domain (the part after @) as this is what you'll authenticate.
Update the email address if it's outdated or incorrect.
π Note: This email address appears as the sender for all system emails, so ensure it uses your preferred domain.
Setting up SPF records
SPF records authorises SendGrid to send emails on behalf of your domain.
Identifying your DNS provider
Determine who manages DNS for your email domain (e.g., domain hosting providers like GoDaddy, Cloudflare, 123 Reg).
Contact your internal IT team or domain administrator if you're unsure.
Gather their contact information as they'll implement the DNS changes.
Adding or updating SPF records
Your DNS administrator needs to create or update a single SPF TXT record for your domain.
If no SPF record exists, add this TXT record to your root domain:
v=spf1 include:sendgrid.net -all
If an SPF record already exists, edit it to include SendGrid. Do not create multiple SPF records.
Examples for common email providers:
With Microsoft 365:
v=spf1 include:spf.protection.outlook.com include:sendgrid.net -all
With Google Workspace:
v=spf1 include:_spf.google.com include:sendgrid.net -all
Alternatively, if your DNS provider doesn't support include mechanisms, you can use SendGrid's specific IP address:
v=spf1 ip4:167.89.96.153 -all
β οΈ Important: Only one SPF record is allowed per domain. Combine all sender mechanisms into a single record.
Requesting DKIM and DMARC records
DKIM records provide cryptographic email signatures, while DMARC sets policy for handling authentication failures.
Contact the Support team via the Digital Assistant.
Include your email domain in the case description.
Request both DKIM and DMARC records (DMARC is optional but recommended).
Wait for Support to generate the required DNS records.
Provide the records to your DNS administrator for implementation.
Confirm with the support team once records are live for validation.
π Note: If you already have a DMARC policy in place, you don't need to replace it with the suggested record.
Validating DNS changes
After your DNS administrator implements the changes, validation ensures everything works correctly.
Allow time for DNS propagation (typically a few hours, depending on TTL settings).
Contact Access Volcanic Support once all records are live.
Support will validate DKIM alignment and confirm proper setup.
Monitor email delivery to ensure improved deliverability.
β οΈ Important: Even with proper authentication, delivery isn't guaranteed for every recipient due to individual spam filters and policies.
Best practices
Ensure your From email address uses a domain you control and can authenticate.
Work with your DNS administrator early in the process to avoid delays.
Test email delivery after implementation to confirm improvements.
Monitor spam reports and delivery metrics to track authentication effectiveness.
Keep DNS records up to date if you change email providers or domains.
Avoid spam-trigger content that could override authentication benefits.
FAQs
Q1: Do I need separate authentication for staging and live websites?
Answer: SPF, DKIM, and DMARC apply to your email domain, not your website environment. Configure authentication once per sending domain regardless of which website environment sends the emails.
Q2: Can I add a new SPF record specifically for SendGrid?
Answer: No, you need to maintain only one SPF record per domain. Edit your existing SPF record to include SendGrid using include: or ip4: directives rather than creating multiple records.
Q3: Is DMARC authentication required for email delivery?
Answer: DMARC is optional but strongly recommended for additional protection. If you already publish a DMARC policy, keep your existing record rather than replacing it.
Q4: Who actually implements the DNS record changes?
Answer: Your DNS provider or internal IT administrator needs to implement these changes. Access Volcanic Support provides the required DNS values and validates the setup but cannot access your DNS directly.
Q5: I've implemented everything correctly but some emails still go missing. Why?
Answer: Email providers apply additional reputation and content filtering beyond authentication. Ask recipients to check spam and quarantine folders, consider link branding if links are flagged, and ensure email content avoids spam-trigger patterns.
Q6: How long does it take for DNS changes to take effect?
Answer: DNS propagation typically takes a few hours but can vary based on your provider's TTL settings. Allow sufficient time for changes to propagate before testing email delivery.
Q7: Can email authentication guarantee inbox delivery?
Answer: Authentication significantly improves deliverability but cannot guarantee delivery due to recipient-specific filters, policies, and reputation factors.
Q8: Why are links in my emails being flagged as unsafe?
Answer: Email security software may flag links as suspicious if they don't appear to come from your verified domain. Link branding resolves this by making email links appear to come from your domain rather than a third-party service.
Q9: How do I set up link branding?
Answer: Contact Access Volcanic Support to request link branding setup. Support will provide additional DNS records for link verification that your DNS administrator needs to implement. Links in your emails will then appear to come from your verified domain.
Q10: What happens if you change email providers in the future?
Answer: You'll need to update your SPF record to authorise the new email provider and may need new DKIM records. Contact Support if you're migrating from SendGrid to help plan the transition.