> ## Documentation Index
> Fetch the complete documentation index at: https://jetemail.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# Email Authentication Requirements
> SPF for SMTP allow-any-domain; verification records (SPF, return-path CNAME, DKIM, DMARC) when you add a domain in the dashboard.
## Overview
What you need depends on **how** you send mail with JetEmail:
| Setup | What you need |
| --------------------------------- | ----------------------------------------------------------------------------- |
| **SMTP with “allow any domain”** | **SPF only** — one TXT record on each domain you send from |
| **Domain added in the dashboard** | **All records the dashboard shows** — SPF, return-path CNAME, DKIM, and DMARC |
The dashboard lists the exact names and values for your domain. Use those values; the examples below use `yourdomain.com` — replace with your real domain.
Missing or wrong DNS records can cause verification to fail, bounces, or poor deliverability. Domains without required authentication may be rejected where policy requires it.
***
## SMTP: “Allow any domain”
If you use SMTP with **allow any domain**, you are only required to publish **SPF** for each sending domain.
**TXT record** (typically at `@` / root of the domain, or as your DNS host instructs):
```
v=spf1 include:spf.jetsmtp.net ~all
```
No DKIM or DMARC records are required for this mode. However, for best deliverability and authentication alignment, we strongly recommend verifying your domain in the dashboard and publishing all records (SPF, return-path CNAME, DKIM, and DMARC) when possible. For more detail on SPF, see the sections above.
***
## Dashboard: domain verification records
When you **add and verify a domain in the dashboard**, JetEmail shows a fixed set of records. Add **all** of them in DNS. Names use **your** domain (e.g. `yourdomain.com` instead of `noc.network` in the examples below).
### SPF
| Type | Host / name | Value |
| ------- | -------------------- | ------------------------------------- |
| **TXT** | `@` (or root domain) | `v=spf1 include:spf.jetsmtp.net ~all` |
*(Exact host may match what the dashboard displays for your provider.)*
### Return path (bounce domain)
| Type | Host / name | Value |
| --------- | ------------------------ | -------------------- |
| **CNAME** | `em12345.yourdomain.com` | `return.jetsmtp.net` |
The subdomain is **not** always `em12345` — JetEmail assigns a **unique** `em…` hostname per domain (e.g. `em21157`). Copy the **exact** name from your dashboard.
### DKIM
| Type | Host / name | Value |
| --------- | ------------------------------------ | ------------------ |
| **CNAME** | `jetemail._domainkey.yourdomain.com` | `dkim.jetsmtp.net` |
### DMARC
| Type | Host / name | Value |
| ------- | ----------------------- | ------------------ |
| **TXT** | `_dmarc.yourdomain.com` | `v=DMARC1; p=none` |
`p=none` is the **minimum** policy that satisfies verification. A **stricter** policy also passes — for example `p=quarantine` or `p=reject` — as long as DMARC is valid. See our [DMARC guide](/outbound/dmarc) if you want to tighten policy later.
***
## After you publish DNS
* DNS can take a few minutes to propagate.
* The dashboard shows **Verified** next to each record when it’s correct.
* If something stays unverified, double-check hostnames (some panels append the domain automatically — avoid doubling `.yourdomain.com`).
***
## Why it matters
* **SPF** — Authorizes JetEmail to send for your domain.
* **Return-path CNAME** — Aligns bounces and infrastructure with our sending setup.
* **DKIM** — Cryptographic signing for your messages.
* **DMARC** — Policy and alignment on top of SPF/DKIM.
***
## Need help?
Contact support if any record won’t verify. You can also use the dashboard’s copy-paste values as the source of truth for your domain.
* [DMARC Configuration](/outbound/dmarc)
* [Getting Started with Outbound SMTP](/outbound/getting-started)