Artikelen in deze sectie

SPF, DKIM, and DMARC Authentication

Raymond Leffelaar
  • Bijgewerkt
Volgen

"Beginning in February 2024 Gmail and Yahoo will begin requiring DKIM and DMARC for users that send over 5,000 emails to Gmail or Yahoo per campaign to achieve delivery. However, we highly recommends all senders set up DKIM and DMARC. Apart from this strong requirement, there are many additional benefits"

 

When you send emails, mailbox providers (such as Gmail, Outlook, AOL, and Yahoo) need to identify whether the message is a legitimate email sent from the domain name's owner or email address or a forged email sent by a spammer or phisher.

There are three established methods used to verify a sender's identity. These are SPF, DKIM, and DMARC.

SPF

SPF (Sender Policy Framework) records are TXT records on your domain that authorize specific servers to send mail using your domain name. We automatically configures SPF for all customers. This means you don't need to create an SPF record or modify an existing one to work with your account. This applies even if you are using a Custom Domain.

If you would still like to add our platform to your existing SPF record (even though it is unnecessary), you can add "include:emsd1.com" to your current SPF record. For example, if you send emails from both G Suite and our platform, your SPF record might look like this:

v=spf1 include:emsd1.com include:_spf.google.com ~all


You can only create one SPF record for your domain name. If you have an existing SPF record, you will need to modify your current record instead of creating a new SPF record.

 

DKIM

 DKIM and DMARC authentication is required beginning February 2024 for accounts that send over 5,000 emails a day following upcoming changes by Gmail and Yahoo regarding authentication requirements. We highly recommend all senders set up DKIM and DMARC. 

 

For more information on these changes see our blog post A Guide to Google and Yahoo authentication Changes in 2024.

DKIM (Domain Keys Identified Mail) is a signature any sender can apply to their email messages. This signature makes clear that the message's purported sender is actually the message's sender. You can use any domain as the signature. For example, a company called "Dog Bandanas" will sign their messages with the "dogbandanas.com" domain to confirm that the message was sent by "Dog Bandanas."

This is accomplished by inserting a hidden, cryptographic signature into your email header (We will do this) and then placing a public key on your website that verifies the authenticity of this signature.

All mail sent from our platform will use our's DKIM signature by default. our DKIM signature has an excellent reputation and is sufficient for most senders. However, it is easy to set up DKIM for your domain if you want to.

We have updated our DKIM process from TXT records to CNAME records. If you set up your DKIM before February 23, 2023, your TXT records will still work and remain valid. However, we recommend setting up your DKIM with the following CNAME records instructions since it is more secure.

To setup DKIM:

  1. Log in to your account as the Primary Admin user.
  2. Click Settings, located on the left menu.
  3. Click the Advanced tab.
  4. Click the "I will manage my own email authentication" option.
  5. We will generate two CNAME records. Please set up both CNAME records in the DNS provider for your domain (i.e. Godaddy).

     The domains you enter will not save on this page. Once you choose “I will manage my own email authentication,” all verified domains will sign with DKIM. Click “Check DNS” to ensure that all your domains have the proper DNS.

    Your DNS host is typically the company with which you registered your domain or who hosts your website, for example, Godaddy. You can also use this tool to confirm who your DNS provider is. Most DNS hosts will require the following items to set up your CNAME records:

  • Type
    Choose CNAME.

  • Name or Host
    Copy and paste the CNAME “Name” from your account for each CNAME record, like acdkim1._domainkey (most common), or the full CNAME “Name” like acdkim1._domainkey.mydomain.com (less common). Which one you should use depends on whether your DNS provider automatically adds the domain name to the DNS records you create. If you are unsure which to use, look at the format of other DNS records in your settings (do they include the domain name in the Name or Host field?) or ask your DNS provider.

  • Value or Record
    Copy and paste the CNAME “Value” shown inside your account, for each CNAME.

  • TTL
    TTL means "Time Till Live." Use the recommended or default setting of your DNS host. If there isn't a default setting, we recommend 300 (5 minutes).

    This process will vary slightly based on your web host. To find specific instructions for your host, use your preferred search engine to look up "Add CNAME record at _____," replacing the blank line with your DNS provider. For convenience, we've included some common DNS providers below:

GoDaddy

Cloudflare

Amazon Route 53

  • Once you have set up both CNAME records in your DNS provider, return to your account and go to Settings > Advanced. Then, click “Check DNS” to verify that you have set up your DNS records correctly.

    Additionally, you can test a live email with mail-tester.com to ensure that DKIM is working.

  • After setting up your DNS records correctly for all your From address domains, click “Save Settings” at the top of the page.

    Note that sending emails from several domains requires setting up each domain with the proper DNS records for DKIM.

DMARC

DKIM and DMARC authentication is required beginning February 2024 for accounts that send over 5,000 emails a day following upcoming changes by Gmail and Yahoo regarding authentication requirements. We highly recommends all senders set up DKIM and DMARC. 

For more information on these changes see our post A Guide to Google and Yahoo authentication Changes in 2024.

Configure DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) before configuring DMARC.
DKIM and SPF should be authenticating messages for at least 48 hours before turning on DMARC.

The domains used in the steps below are examples only. Replace these example domains with your own domains.

Do these steps in the management console for your domain host, not in the Admin console. Who is my domain host?

Have the text file or line that represents your policy record ready.
Sign in to the management console for your domain host.
Locate the page where you update DNS records.

Add a DNS TXT record, or modify an existing record, by entering your record in the TXT record for _dmarc.

TXT record name: In the first field, under the DNS Host name, enter: _dmarc.solarmora.com
Important: Some domain hosts automatically add the domain name after _dmarc. After you add the TXT record, you can verify the DMARC TXT record name to make sure it's formatted correctly.

TXT record value: In the second field, enter the text for your DMARC record, for example:
v=DMARC1; p=none

DNS example:

The field names might be different for your provider. DNS TXT record field names can vary slightly from provider to provider. The domain used here is an example domain. Replace solarmora.com with your own domain.

Save your changes.

SenderID

SenderID is an authentication standard that was created by Microsoft and intended as a replacement for SPF. However,  Sender ID has since been deprecated and is no longer used; therefore, you do not need to configure it.

If you have any Sender-ID records currently set in DNS (TXT record starting with spf2.0), you should remove them.

SPF (record starting with v=spf1) is still the industry's authentication standard widely supported and recommended.

 

Dkim & Dmarc laten inregelen en controleren door onze afdeling 'professional service'? Neem contact op.  (wij vragen hier een vergoeding voor).

 

 

 

Verwante artikelen

Opmerkingen

0 opmerkingen

Artikel is gesloten voor opmerkingen.