Configuring your GoDaddy domain for MailShield

To allow MailShield to protect your organisation, you need to tell the internet to route your emails through our security filters. You do this by updating the DNS records in your GoDaddy account.

Do not worry if this sounds highly technical. It is essentially like filing a change-of-address form with the post office, and the process only takes a few minutes.

Finding your DNS settings

First, log into your GoDaddy account and navigate to your main dashboard.

1. Locate the domain you want to protect and click on it to open its settings.
2. Look for an option called DNS, Manage DNS, or DNS Management and click on it.
3. You will now see a table listing your current domain records.

Setting up inbound protection (MX Records)

Mail Exchange (MX) records dictate where your incoming mail is delivered. We need to point them to MailShield so we can intercept threats.

1. Delete existing records: Look through your list of records for any where the Type is MX. Click the delete or bin icon next to each one. This step is absolutely crucial; if you leave your old records active, spammers will simply bypass our security filters and deliver junk straight to your inbox.
2. Add the new record: Click the Add New Record button. Select MX from the Type dropdown menu.
3. In the Name or Host field, type the @ symbol (which stands for your main domain).
4. In the Value or Points to field, paste the incoming server address provided in your MailShield dashboard (this is typically seg-in.cadmuscyber.com).
5. For Priority, type 10.
6. Click Save.
7. Return to the Fix MX Records page in your MailShield dashboard and click Run DNS Verification. The system will check your new records and confirm your inbound protection is active.

Securing outbound emails

To protect your outgoing emails—like invoices and business proposals—and ensure they do not end up in your clients' junk folders, you need to route your outbound mail through MailShield and prove to the internet that we are authorised to send it.

Generate your Smart Host credentials

1. In the MailShield portal, navigate to the Outbound Setup page and click Generate Outbound Profile.
2. The system will provide you with a specific Smart Host address, a username, and a secure SMTP password. Copy this password immediately. For security reasons, it is only displayed once and cannot be retrieved later.
3. Using these credentials, you will need to update your email provider (like Microsoft 365 or Google Workspace) to route outgoing mail through the MailShield Smart Host on port 587 with TLS authentication enabled.

Updating your SPF record Sender Policy Framework (SPF) is a simple text record that lists your approved senders.

1. Scan your GoDaddy records for an existing TXT record where the Value begins with v=spf1.
2. If you already have one, click to edit it. You need to add include:_spf.cadmuscyber.com into the middle of the text, just before the ~all or -all at the end.
3. If you do not have an existing SPF record, click Add New Record, choose TXT as the type, type @ for the Name, and paste the exact SPF value provided in your MailShield dashboard into the Value field. Save the record.

Adding your DKIM record DomainKeys Identified Mail (DKIM) attaches a hidden, cryptographic signature to your outgoing mail, proving it genuinely came from your organisation.

1. Click Add New Record in GoDaddy.
2. Choose TXT as the Type.
3. In the Name field, type cadmus._domainkey.
4. In the Value field, paste the long cryptographic key provided on your MailShield Outbound Setup page.
5. Click Save.

Waiting for the changes

Once you have saved these records, return to the MailShield Outbound Setup page and click Verify DNS.

The internet acts like a giant, slow-updating address book. It can take anywhere from a few minutes to a few hours for these changes to spread globally. During this short transition period, your mail flow will not be interrupted, and your MailShield dashboard will automatically confirm once everything is perfectly aligned.