DKIM verification and SPF

EmailsDashboard

Email authentication is a critical part of reliable email delivery. When a custom sender domain is used, receiving mail servers must be able to verify that emails are legitimately sent on behalf of that domain.

In Fundraise Up, DKIM is the primary mechanism used to authenticate emails. SPF, while commonly referenced in email documentation, is handled differently and does not require customer configuration. This article explains how DKIM verification works, why it may fail, and what it means when you cannot find SPF instructions.

DKIM verification

What DKIM is used for

DKIM (DomainKeys Identified Mail) allows Fundraise Up to send emails from your domain while cryptographically proving that the message was authorized and not modified in transit. Without a valid DKIM record, emails sent from a custom domain cannot be verified.

How DKIM works in Fundraise Up

When you add a custom sender email address, Fundraise Up generates a DKIM TXT record. This record must be added to your domain’s DNS exactly as provided.

Any formatting differences between the record shown in the dashboard and the one published in DNS will cause verification to fail.

Common reasons DKIM verification fails

Most DKIM verification issues are caused by DNS formatting or maintenance changes rather than incorrect record values. These problems often occur during initial setup or after later DNS updates.

Common causes include:

  • Extra spaces added before or after the DKIM TXT value
  • Line breaks or text wrapping applied automatically by the DNS provider
  • The DKIM record being removed during domain migrations or DNS cleanup
  • Changes to DNS providers that did not carry over existing DKIM records
  • DNS propagation delays, which can take up to 24 hours after adding or updating the record

Any of these issues can prevent DKIM verification, even if the record appears correct at first glance.

How to troubleshoot DKIM verification

If DKIM verification fails, the first step is to confirm that the record is publicly visible in DNS and matches exactly what was provided during verification.

Option 1: Check DKIM using nslookup

You can query your DNS directly using a terminal or command prompt. The nslookup command is available by default on Windows, macOS, and Linux.

1nslookup -type=TXT fun-ACCOUNTID._domainkey.yourdomain.com

Replace:

  • ACCOUNTID with your Fundraise Up account ID. It’s shown in your DKIM record.
  • yourdomain.com with your organization’s domain

The output should include a TXT record containing the full DKIM value. If no record is returned, or if the value is incomplete or formatted differently, DKIM verification will fail.

Option 2: Use a third-party DKIM lookup tool

If you prefer a web-based option, you can use a DKIM lookup tool such as dnschecker.org.

To check your record:

  • Enter fun-ACCOUNTID._domainkey as the selector. Replace ACCOUNTID with your Fundraise Up account ID. It’s shown in your DKIM record.
  • Enter your organization’s domain
  • Run the lookup and confirm that the DKIM record is returned consistently

If the record does not appear or differs from what is shown in the Fundraise Up dashboard, update your DNS record and allow time for propagation before retrying verification.

DKIM was verified before but later stopped working

This usually means the DKIM record was removed or modified after verification. Because DKIM must remain present at all times, removing or changing the record immediately breaks email authentication.

When Fundraise Up detects an issue with DKIM verification, the system automatically sends a notification email informing you that your custom email domain has been invalidated. This notification includes the exact DKIM TXT record name that is missing or misconfigured and explains that the record is required to continue sending emails from your custom domain.

While DKIM is invalid, there is no interruption to supporter communications. Emails continue to send successfully, but they are sent from noreply@fundraiseup.com, with your custom sender address set as the reply-to address.

To restore full verification, re-add the original DKIM record exactly as shown in the dashboard and allow time for DNS propagation. Once the record is publicly available again, reverify the sender email in the Fundraise Up dashboard.

SPF records

Why SPF is commonly searched for

SPF (Sender Policy Framework) is another email authentication mechanism that defines which servers are allowed to send emails for a domain. It is common for users to look for an SPF record when configuring email authentication.

Why Fundraise Up does not provide SPF records

No SPF configuration is required for Fundraise Up.

Emails are delivered through Amazon SES, which handles SPF authentication automatically as part of the underlying email infrastructure. Sending IP addresses are managed by the provider and may change over time, so publishing static SPF records or IP ranges would be unreliable.

For this reason, Fundraise Up does not provide SPF records, and there is nothing you need to add to your DNS.

If you cannot find SPF instructions in our documentation, this is expected and does not indicate a configuration issue.

Top Topics
Platform basics
Dashboard
Integrations
Payments
Payment Methods
Checkout
Elements
Stripe
Donor Portal
Installation
CMS
PayPal
Quickstarts
Marketing & Analytics
JavaScript API

Still need help?

Need help with something not covered in Support Center? Connect with a support engineer for more assistance.
Email us