When you email Ada, we verify that your message is actually coming from your email domain — not from someone pretending to be you. If your domain's email authentication isn't properly configured, your message won't be delivered and you'll receive an auto-reply directing you to this page.
Why does Read require email authentication?
Read AI's email-based assistant processes requests on your behalf — things like scheduling, retrieving information, and coordinating with others. Because the assistant acts on instructions received via email, it's critical that we can verify the sender's identity.
Email authentication protocols (SPF, DKIM, and DMARC) are the industry standard for proving that an email genuinely came from the domain it claims to come from. Without these protections, a bad actor could send emails that appear to come from your address and instruct the assistant to take actions you never authorized.
To prevent this, Read drops any inbound message from a sending domain that fails SPF, DKIM, or DMARC validation. This protects you and your organization from spoofing and impersonation.
What are SPF, DKIM, and DMARC?
These three protocols work together to authenticate email:
SPF (Sender Policy Framework) defines which mail servers are authorized to send email on behalf of your domain. It's configured as a DNS TXT record.
DKIM (DomainKeys Identified Mail) adds a cryptographic signature to outgoing emails, allowing the recipient to verify the message wasn't altered in transit. It also requires a DNS TXT record.
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together with a policy that tells receiving servers what to do when authentication fails. It's published as a DNS TXT record and requires at least one of SPF or DKIM to be properly configured first.
How to configure email authentication for your domain
Setting up these records requires access to your domain's DNS settings. If you're not sure who manages your domain's DNS, check with your IT team or domain registrar.
Here are trusted guides for getting each protocol configured:
- SPF: Google Workspace — Set up SPF · Microsoft 365 — Set up SPF
- DKIM: Google Workspace — Turn on DKIM · Microsoft 365 — Set up DKIM
- DMARC: Google Workspace — Set up DMARC · Microsoft 365 — Set up DMARC
If you use a different email provider, check their documentation for instructions on setting up SPF, DKIM, and DMARC. You can also use free tools like MXToolbox or Google Admin Toolbox to verify your current configuration.
What to do after making changes
Once your domain's SPF, DKIM, and DMARC records are properly configured:
- Allow time for DNS propagation. DNS changes can take anywhere from a few minutes to 48 hours to fully propagate, though most updates take effect within an hour.
- Verify your records. Use MXToolbox to confirm your SPF, DKIM, and DMARC records are resolving correctly.
- Re-send your original email. Read does not automatically retry messages that were previously dropped. You'll need to send a new email to the assistant to start your conversation.
If you've confirmed your email authentication is properly configured and are still receiving this error, please contact us at support@read.ai.