United StatesUS
Email LoginHosting Login
Niish Cloud Solutions

Email Authentication Guide

NiishCloud requires authenticated email for all outbound messages. This guide explains how to configure SPF, DKIM, and DMARC for domains hosted on our platform.

Why Email Authentication Matters

SPF, DKIM, and DMARC work together to prove that messages from your domain are authorized and unmodified. Without them, recipients and mailbox providers cannot trust your mail — increasing spam folder placement and enabling spoofing attacks.

  • SPF (Sender Policy Framework) — DNS record listing which servers may send email for your domain
  • DKIM (DomainKeys Identified Mail) — cryptographic signature proving the message was not altered in transit
  • DMARC (Domain-based Message Authentication) — policy telling receivers what to do when SPF or DKIM fails, plus reporting for monitoring

Managed Email on NiishCloud

Customers using NiishCloud Managed Email receive pre-configured SPF and DKIM records when their mailbox is provisioned. Add the provided DNS records in DNS Management or your domain registrar panel. Our support team can verify records before you go live.

Step 1: Configure SPF

Add a TXT record at your domain root (@):

Type: TXT
Host: @
Value: v=spf1 include:_spf.niishcloud.com ~all

Use ~all (soft fail) during testing. Once confirmed, consider -all (hard fail) for stricter enforcement. Only one SPF record is allowed per domain — merge includes if you send from multiple providers.

Step 2: Configure DKIM

NiishCloud provides a unique DKIM selector and public key when you enable outbound email. Add the CNAME or TXT record exactly as shown in your client area or onboarding email. Example format:

Type: CNAME
Host: niishcloud._domainkey
Value: niishcloud._domainkey.niishcloud.com

DKIM must pass alignment with your From: domain for DMARC to succeed.

Step 3: Configure DMARC (Recommended Rollout)

Deploy DMARC in stages to avoid blocking legitimate mail:

  1. Monitor (p=none) — collect reports without affecting delivery:
Type: TXT
Host: _dmarc
Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; pct=100
  1. Quarantine (p=quarantine) — after 2–4 weeks of clean reports, move to quarantine for failures
  2. Reject (p=reject) — final stage for maximum protection once all legitimate senders are authenticated

Bounce and Complaint Handling

NiishCloud monitors delivery feedback from mailbox providers. Tenants must maintain suppression lists and must not re-send to addresses that have hard-bounced or filed abuse complaints.

  • Hard bounces and complaints are suppressed automatically in our platform within seconds of notification
  • Accounts exceeding a 2% bounce rate or 0.05% complaint rate may have sending paused pending review
  • Marketing sends require documented opt-in consent — see our Acceptable Use Policy

Verifying Your Configuration

After DNS propagation (up to 48 hours):

  • Send a test message to a Gmail or Outlook account and inspect message headers for SPF=pass, DKIM=pass, DMARC=pass
  • Use a third-party checker (e.g., MXToolbox, dmarcian) to validate record syntax
  • Contact support@niishcloud.com for a deliverability review before high-volume sends

Report Abuse

If you receive abusive mail from NiishCloud infrastructure, report it to abuse@niishcloud.com. We review reports within 24 business hours.