Email servers are constantly looking for levels of authentication because we live in a world where scammers will buy email lists and blast emails whilst disguised as another company.
Check the sender information the next time you number in cambodia receive a spam or scam email. It’s often sent to ‘look’ like it’s from @apple.com but it is accompanied by a message of ‘sent via …’. This can mean there is no authentication in place and the sender isn’t who they say they are.
The first and most basic authentication check is the ‘SPF’ (Sender Policy Framework) record and then ‘DKIM’ (DomainKeys Identified Mail). These are both compulsory in Pardot so you must have these levels of authentication set up.
You’ll also require a third ‘validation’ via a ‘TXT’ record. This is relatively new to Pardot. So new, in fact, that I only noticed MarCloud’s account had a ‘Legacy verified’ notice the other day (Jan ‘23). I hadn’t seen this before! I assume that because our domain was already authenticated we didn’t need to re-authenticate.
To recap, you’ll need to set up three elements in your DNS:
SPF record
DKIM (DomainKey)
Validation TXT record
Here’s a video guide on how to configure the SPF and DKIM for Pardot, but scroll further for text instructions and additional key information! It was recorded some years ago in a loft in Lisbon so you may notice slight differences in the account interface/terminology.
SPF record
The SPF record to add to your DNS for Pardot is:
v=spf1 include:aspmx.pardot.com ~all
Screenshot of the MarCloud SPF record setup
If an SPF record exists in your DNS already, you can copy and paste the include:aspmx.pardot.com part into the existing SPF string.
For companies that have a more technical setup, you should consult with your IT team to work out the best approach to your SPF setup. Some companies have lots of records (more than 10) so you can use a process called ‘flattening’ which allows you more flexibility and more records.
Diagram showing how SPF authentication works
Source: Email on Acid
The steps for adding an SPF record differ among DNS providers, so you’ll need to check the documentation for the provider you use. For example, in Cloudflare, the ‘@’ symbol is used to ‘point’ to the root domain marcloudconsulting.com. Other providers may use a different symbol. Some providers also only allow ‘TXT’ records and there’s no mention of ‘SPF’. If this is the case for you, a TXT record will do the trick.