Source Guide: Mailgun

Technical Guidance

This guide describes the process for configuring Mailgun to send DMARC-compliant messages. You will need to configure this source, and others that send on your behalf, before advancing your DMARC policies to a more restrictive state, e.g., quarantine and/or reject.

To bring this source into DMARC compliance, you will need access to the Mailgun administrative account and the domain’s DNS management console.

From time to time, these instructions change with very little advance notice. Please always refer to documentation hosted by Mailgun for the most complete and accurate information.

General information
Mailgun provides an email delivery service that allows developers to integrate email into applications through APIs and SMTP. Many departments may use this service in your organization, but it is often managed by an application development team. Mailgun supports DMARC compliance through SPF and DKIM alignment.

SPF & DKIM
To configure SPF and DKIM:

  • In the Mailgun console, navigate to Sending > Overview and add your domain. You can also choose your DKIM key length here. We recommend 2048 bits.
  • Navigate to Sending > Overview and add DNS records for sending.
    1. To configure SPF, you will need to add “include:mailgun.org” to the SPF record for the domain added in the Mailgun console (from the step above).
    2. To configure DKIM, add the public key provided by Mailgun to your DNS records.
  • Click Verify DNS settings. Note that in some cases it may take several minutes to several hours before the records can be successfully verified.

Note:
It is recommended to configure a subdomain for use with Mailgun rather than your primary corporate domain. For example, if your corporate domain is example.com, add the domain m.example.com in Mailgun. All SPF and DKIM-related records will be configured for that subdomain. You will still be able to send from example.com, but SPF and DKIM authentication will be done for m.example.com, which conforms with DMARC relaxed alignment.
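The subdomain setup in the note above depends on relaxed alignment, so this added example (not Mailgun's or dmarcian's code) checks offline both the SPF include from the steps and the alignment result under relaxed and strict modes. The records and domains are constructed, the function names are hypothetical, the organizational domain is approximated as the last two labels rather than taken from the Public Suffix List, and SPF and DKIM are assumed to have already passed.

```python
# Added example: SPF include check and DMARC identifier alignment, offline.
# All records and domains used here are constructed sample values.

def spf_includes(txt_records, target="mailgun.org"):
    """True if the domain has exactly one SPF record and it includes target."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # none, or several (a permerror under RFC 7208)
        return False
    terms = spf[0].lower().split()[1:]
    return any(t.lstrip("+") == f"include:{target}" for t in terms)

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real evaluators
    # use the Public Suffix List (example.co.uk would need three labels).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode="r"):
    """'s' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    f, a = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return f == a if mode == "s" else org_domain(f) == org_domain(a)

def parse_tags(record):
    """Parse the 'tag=value; tag=value' list of a DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def dmarc_alignment(header_from, mail_from, dkim_d, dmarc_record):
    """Alignment outcome, assuming SPF and DKIM themselves already passed."""
    tags = parse_tags(dmarc_record)
    spf_ok = aligned(header_from, mail_from, tags.get("aspf", "r"))
    dkim_ok = aligned(header_from, dkim_d, tags.get("adkim", "r"))
    return {"spf": spf_ok, "dkim": dkim_ok, "dmarc": spf_ok or dkim_ok}

if __name__ == "__main__":
    txt = ["v=spf1 include:mailgun.org ~all"]  # constructed TXT for m.example.com
    print("SPF include present:", spf_includes(txt))
    for policy in ("v=DMARC1; p=reject", "v=DMARC1; p=reject; aspf=s; adkim=s"):
        result = dmarc_alignment("example.com", "m.example.com",
                                 "m.example.com", policy)
        print(policy, "->", result)
```

With strict alignment (aspf=s and adkim=s) in the DMARC record for example.com, mail authenticated as m.example.com no longer aligns with a From address at example.com.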

Reference: Mailgun’s SPF & DKIM directions


If you have a dmarcian account, it may take a few days to see these changes reflected in the dmarcian platform. You can look in the Detail Viewer (shown below) to check SPF and DKIM alignment required for DMARC.

[Screenshot: dmarcian Detail Viewer]

With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.
