NiishCloud requires authenticated email for all outbound messages. This guide explains how to configure SPF, DKIM, and DMARC for domains hosted on our platform.
SPF, DKIM, and DMARC work together to prove that messages from your domain are authorized and unmodified. Without them, recipients and mailbox providers cannot trust your mail — increasing spam folder placement and enabling spoofing attacks.
Customers using NiishCloud Managed Email receive pre-configured SPF and DKIM records when their mailbox is provisioned. Add the provided DNS records in DNS Management or your domain registrar panel. Our support team can verify records before you go live.
Add a TXT record at your domain root (@):
Type: TXT Host: @ Value: v=spf1 include:_spf.niishcloud.com ~all
Use ~all (soft fail) during testing. Once confirmed, consider -all (hard fail) for stricter enforcement. Only one SPF record is allowed per domain — merge includes if you send from multiple providers.
NiishCloud provides a unique DKIM selector and public key when you enable outbound email. Add the CNAME or TXT record exactly as shown in your client area or onboarding email. Example format:
Type: CNAME Host: niishcloud._domainkey Value: niishcloud._domainkey.niishcloud.com
DKIM must pass alignment with your From: domain for DMARC to succeed.
Deploy DMARC in stages to avoid blocking legitimate mail:
Type: TXT Host: _dmarc Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; pct=100
NiishCloud monitors delivery feedback from mailbox providers. Tenants must maintain suppression lists and must not re-send to addresses that have hard-bounced or filed abuse complaints.
After DNS propagation (up to 48 hours):
If you receive abusive mail from NiishCloud infrastructure, report it to abuse@niishcloud.com. We review reports within 24 business hours.