Chapter 6 – How to set up my emails domain ?

Course content

Resources

Introduction

First off, a bit a definition :

Sender Policy Framework (SPF) is an email authentification method that allows checking during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain’s administrators.
It basically verifies the sender’s IP address.
DomainKeys Identified Mail (DKIM) helps prevent spoofing on outgoing messages sent from your domain by adding an encrypted signature to the header of all outgoing messages.
It basically verifies who’s sending the email.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) help mail administrators prevent hackers and other attackers from spoofing their organization and domain. Spoofing is a type of attack in which the From address of an email message is forged. A spoofed message appears to be from the impersonated organization or domain.
It basically prevents your email from being forged by someone else.
Mail Exchanger Record (MX Recor) specifies the mail server responsible for accepting email messages on behalf of a domain name.
It basically lets another know which server can send an email for you, and where incoming emails should be routed to.

All four elements allow verifying the authenticity of each email sent. The more you’re set-up, the better another server will trust you, enhancing your deliverability.

It’s that logic! Now let’s set up everything up.

How to set up your certificates with Gsuite domain ?

SPF Record

You need to include Google and La Growth Machine in your SPF.

Go to your domain DNS settings (from your domain provider like GoDaddy, OVH, Namecheap, etc.)
Add or update the SPF record:

v=spf1 include:_spf.google.com include:spf.lagrowthmachine.com ~all

If you already have an SPF record, you must merge them into one line. You can’t have two separate SPF records.

DKIM Record

Google handles DKIM, and you must activate it in your Google Admin console:

Go to Admin console → Apps → Google Workspace → Gmail → Authenticate email.
Follow instructions to generate the DKIM key.
Publish the TXT record in your DNS.
Click “Start Authentication” once the DNS has propagated.

DMARC Record

To monitor and enforce your email authentication policy:

Add the following TXT record to your DNS:

Name: _dmarc
Type: TXT
Value: v=DMARC1; p=none; rua=mailto:[email protected]

Replace “[email protected]” with your actual monitoring address. You can later change “p=none” to “p=quarantine” or “p=reject” once you’re confident everything is working.

To check if it’s correctly set up you can use Google Admin Toolbox CheckMX or test a sent email at “mail-tester.com”

How to do so with Outlook / Microsoft 365 domain ?

SPF Record

Log in to your domain provider (e.g. GoDaddy, OVH, Namecheap).
Go to your DNS settings.
Add or update the SPF record as follows:

v=spf1 include:spf.protection.outlook.com include:spf.lagrowthmachine.com ~all

You can only have one SPF record. If you already have one, you must merge it with the one above.

DKIM Record

Go to your Microsoft 365 admin interface: https://security.microsoft.com/dkimv2
Navigate to:
Email & collaboration → Policies & rules → Threat policies → DKIM
Select your domain.
Copy the two CNAME records provided by Microsoft.
Add them to your domain’s DNS zone.
Once the DNS changes have propagated, return to the admin interface and click Enable.

DMARC Record

Add the following TXT record to your DNS:

Name: _dmarc
Type: TXT
Value: v=DMARC1; p=none; rua=mailto:[email protected]

Replace “[email protected]” with your own email to receive reports. You can change “p=none” to “quarantine” or “reject” later if needed.

To check if everything is working you can send a test email from your account to https://www.mail-tester.com or use Microsoft’s built-in reporting in the Microsoft 365 Admin Center.

How to enable custom domain tracking ?

Most outreach tools track clicks on links using redirect domains. The problem is that when hundreds or thousands of users share the same default tracking domain, it often gets flagged or blacklisted.

That’s why setting up your own custom tracking domain is a game-changer.

Instead of using a shared link like “tracking.emailplatform.com”, you can create your own, like “click.yourcompany.com”.

This creates a consistent digital footprint and builds trust with both email providers and recipients. It also reduces the likelihood that your links are filtered or flagged, which directly improves click-through rates and deliverability.

To set-up your CDT login to your domain provider, access the DNS settings and create your new CNAME record.

Here are the instructions for the most common domain providers:

• BlueHost

• Cloudflare (your proxy must be deactivated)

• GoDaddy

• Mailchimp

• NameCheap

• OVH