Setting up DNS Records (Email) - SPF/DKIM/DMARC

Follow

When sending an email, a recipient's ISP will use a variety of methods to determine if you are permitted and sending legitimate (non-spam related) emails from your email address. 

The three main methods used to verify a sender's identity are called SPF, DKIM and DMARC. These need to be set up from your sender domain in Outlook/Gmail. 

 

Screen_Shot_2017-05-18_at_11.18.43.png

 

SPF (Sender Policy Framework)

An SPF record is in place to identify whether or not a mail server is authorised to send from a given domain. This is to ensure spammers aren't sending emails from fraudulent "From" addresses. 

Most DNS editors require you to input these as "TXT" records. Although each editor is different, you may need to contact your hosting provider for information on how to enter this correctly.

 

DKIM (DomainKeys Identified Mail)

This allows receiving servers to confirm that emails coming from a domain are authorised from the sender's domain administrators. Acting essentially as a signature that any sender applies to their outgoing email messages - i.e. CANDDi signs our emails with the "canddi.com" domain to confirm it was actually sent by us. 

Again, these need to be entered in as "TXT" records within your DNS editor. 

 

DMARC (Domain-based Message Authentication, Reporting & Conformance)

This is an authentication protocol that is built on top of SPF and DKIM protocols, these two have to be set up before a DMARC policy can be implemented.  

Essentially, DMARC allows a sender to indicate that their emails are signed by SPF and DKIM whilst also talking to the receiver's spam protocols to report which emails pass or fail DMARC evaluation.

 

In order to set these protocols up, you will have to refer to your DNS configuration within whichever email platform and domain you use. You'll will also find the recommended "TXT" records you'll need to input there. 

 

 

 

 

 

 

Have more questions? Submit a request

Comments