How to set up DNS for Zivver


This article explains how to set up DNS records so that Zivver messages sent from your organization will be marked as originating from a domain your organization controls, as opposed to

Making these changes will lessen the likelihood that messages originating from your organization are filtered as spam because of inconsistencies, and ensure that the return address is one your organization controls (as opposed to

Zivver checks whether your domain records are set up correctly. The results are displayed in a table at the bottom of the Zivver DNS Settings page.


  1. You have access to the DNS of your domain.
  2. You have administrator permissions in Zivver.

Add domain

You should only add domains that send emails. If a mailbox can send normal emails, then the mailbox can also send Zivver emails given the user has a Zivver account. Domains in your organization that only receive emails do not need the below DNS settings.

  1. Go to the Zivver DNS Settings page and log in with your administrator credentials.
  2. In the top right corner, click ADD DOMAIN.
  3. Enter your domain and click ADD.
    _Zivver will automatically scan for already present DNS settings and show either
  4. a checkmark_ done where present or
  5. an exclamation mark report_problem if settings are not present.
  6. Inspect the DNS records for your domain by clicking the down facing arrow arrow_drop_down on the last row of the table.
    a drop-down showing these records is displayed You should now see the Return-Path CNAME, DKIM, SES CODE and SPF.

Following chapters will explain how to add the settings to your DNS. Make sure you have both the DNS administrator panel and the Zivver administrator panel open.

Returnpath CNAME

The Return-Path CNAME points the Return-Path of Zivver emails back to Zivver, so that Zivver receives bounced messages and other email feedback that is sent by receiving mail servers. This allows Zivver to pass the feedback along to the Zivver user, notifying the user if, for example, a Zivver message is bounced.

An additional benefit is that setting the Return-Path lets the email pass the SPF alignment test, which is a part of DMARC.

When you create a CNAME record, you actually create a subdomain (zivverbounce.yourdomain) and point it to to allow emails to be routed back to Zivver.

Create a new CNAME record in your DNS where the name is zivverbounce.yourdomain and the value is

Action Create new
DNS record type CNAME
Name zivverbounce.


DomainKeys Identified Mail (DKIM) allows Zivver to take responsibility for a message, in a way that can be verified by a recipient. Zivver generates a public key in the Zivver DNS settings in the admin portal and Zivver emails will be signed with a private key so that receiving mail servers can verify the email from Zivver hasn’t been tampered with.

Create a new TXT record in your DNS and populate it with the value shown in the Zivver admin portal.

Action Create new
DNS record type TXT
Name zivver._domainkey.
Value See > DKIM
Do I need to implement DKIM on my domain to use DKIM for Zivver emails?
No, you don’t need to implement DKIM on your domain to use DKIM for Zivver emails. You can implement DKIM for Zivver emails first and implement DKIM for the rest of your domain later if you haven’t implemented DKIM yet.


Zivver uses Amazon simple email service (SES) to send emails. Including this record verifies that your organization actually controls the domain that email is being sent from, for the benefit of Amazon SES.

Create a new TXT record in your DNS and populate it with the value generated in the Zivver admin portal.

Action Create new
DNS record type TXT
Name left empty or @ (1)
Value See > SES CODE

(1) Whether the name is left empty or filled with @ depends on your hosting provider.


The Zivver Sender Policy Framework (SPF) entry shows that Zivver is allowed to send email on behalf of your organization.

Update the already existing TXT record for SPF in your DNS by adding to the value string that is your SPF record.

Action Update existing SPF record
DNS record type TXT
Name left empty or @ (1)

(1) Whether the name is left empty or filled with @ depends on your hosting provider. Please check the documentation of your hosting provider to find out if you need to leave the name empty or fill in @.

Make sure not to exceed the limit of 10 DNS lookups. How your SPF record will look depends on other mail servers or service providers that send email on your behalf. For example, your SPF record might look like this if you use Google, Microsoft Office 365 and Zivver to send email on your behalf:

v=spf1 ~all

Can a Zivver message be strict SPF aligned?

No, Zivver emails will be relaxed SPF aligned after adding the Zivver CNAME record. Zivver messages cannot be strict SPF aligned because the returnpath is set to a subdomain (

DNS Lookup Limits

Your SPF record can only contain a maximum of 10 mechanisms and modifiers which is called the DNS Lookup Limit. The DNS Lookup Limit is created to prevent unreasonable DNS load during SPF evaluation.

Setting up SPF for Zivver takes up 2 DNS lookups from the total amount of 10 available DNS lookups.

Check your SPF record

Use any SPF record checker such as Dmarcian or MXTOOLBOX to check if you can add the Zivver SPF record without exceeding the 10 DNS lookups Limit.

My SPF record contains too many lookups

When the receiving email server checks for SPF and finds the DNS Lookup Limit is exceeded, the email server will show “SPF PermError: too many DNS lookups” which results in a fail for an SPF check by a DMARC policy. Therefore having too many DNS lookups can negatively affect your email deliverability. Dmarcian gives some examples to overcome the SPF challange of having too many DNS lookups.

Why does Zivver use 2 DNS lookups?

Zivver uses 2 DNS lookups because both and are used to send emails from Zivver on behalf of your organization. Zivver does not recommend to flatten the SPF record because the underlying server IP addresses will change in the future and Zivver does not update customers when IP addresses of email servers change.


DANE and TRUSTED are not required for Zivver to send email from your domain instead of and comply with modern anti-SPAM techniques.

How do I know it worked?

Please allow for a maximum of 24 hours for the results to show in the Zivver DNS Settings and refresh the page if the results aren’t shown after 24 hours. Zivver will show a checkmark for each DNS record that is successfully implemented in your DNS.

Remember that DANE and TRUSTED are not required for Zivver to send email from your domain.

Was this article helpful?

thumb_up thumb_down