Email Authentication
To have fully authenticated emails 3 things are needed: SPF records, DKIM records, and DMARC records. Once everything is fully set you would expect to see something like this (in gmail, view original):
Or if you use our email testing button, it would show as fully authenticated:
Setup SPF
Setting the SPF record is fairly straightforward. You create a TXT record on your domain (no sub domain part) and set the value to:
v=spf1 mx a include:_spf.activedemand.com ?all
It would look something like this:
Testing the Setup
You can test that this is fully setup using mxtoolbox (https://mxtoolbox.com/SuperTool.aspx). Select “SPF Record Lookup” in the dropdown. In the input, enter yourdomain.com:
DKIM
Why use DKIM
DKIM is an email security standard that uses encrypted keys to verify you are allowed to send emails through that domain. This helps to protect your domain against spoofing.
Setup DKIM
Your DKIM setup should be taken care of automatically when you set these CNAME records:
The records when set should look like this:
Testing the setup
You can test that this is fully setup using mxtoolbox (https://mxtoolbox.com/SuperTool.aspx). Select “DKIM Lookup” in the dropdown. In the input, enter yourdomain.com:ad:
DMARC
Why use DMARC?
DMARC is used with SPF and DKIM records to authenticate mail senders. The DMARC record shows the receiving mail server what to do with messages from your domain that don’t pass SPF or DKIM.
Setup DMARC
The DMARC record will be a TXT record on your domain with a record name of _dmarc. The value may change slightly, but it will have 3 main semicolon separated parts.
- Tag value pair v=DMARC1 … this is the only valid value for this
- Tag value pair for “p”. The value can be none, quarantine, or reject. It's a good idea to set it to none or quarantine until you can confirm it's behaving the way you want.
- Tag value pairs for where failures should be sent. The format is a comma separated list of emails (i.e. rua=mailto:engineering@fakeaccount.ca,mailto:security@fakeaccount.ca):
- rua: Aggregate reports will be sent here
- ruf: Detailed reports will be sent here
The completed record will look something like this:
Record type: TXT
Host: _dmarc
Value: v=DMARC1; p=quarantine; rua=mailto:engineering@fakeaccount.ca
Testing the setup
You can test that this is fully setup using mxtoolbox (https://mxtoolbox.com/SuperTool.aspx). Select “DMARC Lookup” in the dropdown. In the input, enter yourdomain.com:
Comments
Please sign in to leave a comment.