The full authentication stack
Generate DKIM keys, get exact SPF guidance, and align DMARC so the major mailbox providers trust mail from your domain. Authentication is the table stakes for the inbox — and it's set up here, once.
Deliverability
Authenticate the domain once. Send from it forever.
Generate DKIM, publish SPF and DMARC, and route tracking and bounce subdomains through your own brand. One-click unsubscribe is built in, and Mumara verifies the records on demand and re-checks them daily so authentication never silently breaks.
acme.example · DNS
- DKIMTXT Verified
- SPFTXT Verified
- DMARCTXT Verified
- TrackingCNAME Verified
- BounceMX + SPF Pending
re-checked daily4 of 5 verified
What it covers
Authenticate, brand, keep verified.
Your brand on every link
Custom tracking and bounce subdomains route through your own domain, so click-through URLs and return paths carry your brand instead of a shared platform one — better for trust and for deliverability.
Verified, and re-checked
Verify DNS on demand when you publish the records, and a scheduled daily re-check catches it if a record later changes or disappears — so authentication never silently breaks behind your back.
Setup
Four steps, then it just works.
- 1
Add the domain
Enter your sending domain; Mumara generates the DKIM key and lists the records to publish.
- 2
Publish DNS
Add the DKIM, SPF, tracking, and bounce records at your DNS provider — copy-paste from the dashboard.
- 3
Verify
Run an on-demand check to confirm everything resolves; the daily re-check watches from then on.
- 4
Send authenticated
Every message from the domain is signed and aligned, with your brand on tracking and return paths and one-click unsubscribe attached.
What it prevents
The authentication failures that sink delivery.
-
Unauthenticated mail in the spam folder
Without DKIM, SPF, and DMARC, the major providers distrust your mail by default. Full authentication is the baseline for inbox placement, set up once per domain.
-
Shared tracking domains
Click links pointing at a generic platform domain dilute trust and tie your reputation to other senders. Custom tracking subdomains keep your brand — and your reputation — your own.
-
Authentication silently breaking
A DKIM rotation gone wrong or an edited SPF record can quietly start failing. The daily re-check flags it before the bounce wall arrives.
-
Missing one-click unsubscribe
Gmail and Yahoo now require RFC 8058 one-click unsubscribe for bulk senders. It's added automatically, so you meet the requirement without extra work.
What it earns you
The difference authentication makes.
-
Inbox placement
- Without it
- Unauthenticated mail is distrusted and filtered by default.
- With it set up here
- DKIM, SPF, and DMARC together earn the baseline trust that gets you into the inbox at the major providers.
-
Brand on every link
- Without it
- A shared platform tracking domain ties you to other senders.
- With it set up here
- Custom tracking and bounce subdomains carry your brand, keeping your reputation isolated and your links recognisable.
-
No silent breakage
- Without it
- An edited SPF record or bad DKIM rotation quietly starts failing.
- With it set up here
- The daily re-check flags a broken record before it becomes a wall of bounces and a deliverability cliff.
-
Bulk-sender compliance
- Without it
- Gmail and Yahoo now require one-click unsubscribe.
- With it set up here
- RFC 8058 one-click unsubscribe is attached automatically, so you meet the requirement without extra setup.
“Authentication used to be the scary part of moving ESPs — one wrong SPF record and you're in spam. Here it generated the DKIM, told me exactly what to publish, and verified it in a click. The daily re-check is the quiet hero, though: it caught a DNS change our hosting provider made before it ever cost us delivery.”
Verified review
Mumara ONE customer
G2
Common questions
What buyers usually ask.
What records do I need to publish?
DKIM (a TXT record from the key Mumara generates), SPF guidance for your domain, DMARC for alignment, a CNAME for your custom tracking subdomain, and MX + SPF for a custom bounce subdomain. The dashboard lists each one ready to copy into your DNS.
Why use custom tracking and bounce subdomains?
So click-through links and return paths carry your own brand rather than a shared platform domain. That keeps your sender reputation isolated from other senders and looks trustworthy to recipients and filters alike.
What if a record changes later?
Mumara re-checks your domain's DNS on a daily schedule in addition to on-demand verification, so if a record is edited or removed, you're alerted before it quietly tanks your authentication and deliverability.
Is one-click unsubscribe handled?
Yes. List-Unsubscribe headers with RFC 8058 one-click support are added automatically to your sends, meeting the bulk-sender requirements Gmail and Yahoo enforce — no manual setup.
Related
Pages that pair with this one.
-
Dedicated IPs
Authenticated domains on dedicated IPs are the foundation of a clean sender reputation.
Read more -
Reputation Monitoring
Rules watch DKIM/SPF health and blacklist status so a break is caught and acted on.
Read more -
Bridges
Bridges send from your authenticated domains through their Pools and IPs.
Read more -
Bounces & DSN
The custom bounce subdomain routes return paths so DSN classification stays on your brand.
Read more
Mumara ONE · Sending Domains
Get authentication right, once.
DKIM, SPF, DMARC, branded tracking and bounce subdomains, and one-click unsubscribe — verified on demand and re-checked daily so it never silently breaks.