Setting up email authentication for Kajabi

Kajabi began requiring Strict DMARC on every custom email domain on February 9, 2026 — miss the April 30, 2026 deadline and your custom domain gets disabled, dropping you back to Kajabi's shared sending pool.

Check your domain first — 10 seconds, free, no signup.
See your DMARC policy, SPF lookup count and every issue explained in plain English.
Run the free check →

The one-paragraph version

Kajabi now requires Strict DMARC on every custom email domain — a change that took effect February 9, 2026. If Kajabi manages your DNS, this was applied automatically: your sending address now includes a kjbm subdomain (for example you@kjbm.yourdomain.com) and no action is needed. If you manage your own DNS, go to Settings → Marketing Settings → Email Settings, click Enable Strict DMARC to get your record, add it at your DNS provider, then return to confirm propagation — your domain must include the kjbm subdomain either way. Miss the April 30, 2026 deadline and Kajabi disables your custom email domain: you can still send, but from a shared address like you@x.kajabimail.net instead of your own domain. Source: help.kajabi.com · verified 2026-07-17

The full checklist

Step 1. Complete domain authentication inside the service (see above) and paste the DNS records it generates.
Step 2. Make sure your SPF record includes this service — and count your lookups: the limit is 10 and every service adds some.
Step 3. Publish DMARC with p=none and a rua address, watch reports for a week, confirm this sender shows 100% pass.
Step 4. Only then tighten the policy — quarantine, then reject.

Frequently asked

Will this change break my current sending?

No. Adding SPF includes and DKIM records only adds authentication — it never blocks existing mail. The only risky step is tightening your DMARC policy, and that comes later, after reports confirm everything passes.

How do I know it worked?

Send yourself a test email and inspect the headers for spf=pass, dkim=pass and dmarc=pass — or just watch your DMARCKeeper dashboard: the sender's pass rate should hit 100% within a day or two.

Do I still need DMARC if SPF and DKIM are set up?

Yes. SPF and DKIM authenticate mail; DMARC is what tells receivers to BLOCK mail that fails, and it's the piece Gmail, Yahoo and Outlook now check for explicitly.

Don't want to babysit DNS records?
DMARCKeeper monitors your reports, names every sender, and walks you to full p=reject protection.
Start free monitoring →