Setting up SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) helps protect your email domain from being used for email spoofing and improves email deliverability. Here's a step-by-step guide for setting them up:
1. SPF Setup
Identify Your Sending Servers: List all the IP addresses and domains that send email on behalf of your domain.
Create an SPF Record: This is a TXT record in your domain's DNS settings.
Example SPF record:
v=spf1 ip4:192.0.2.0/24 include:example.com -all
- v=spf1 specifies the SPF version.
- ip4:192.0.2.0/24 specifies an IP range allowed to send mail.
- include:example.com includes SPF records from another domain.
- -all means only the listed servers are allowed to send mail (soft fail is ~all).
Add the SPF Record to DNS: Add the TXT record to your domain's DNS settings.
2. DKIM Setup
Generate DKIM Keys: Generate a public-private key pair using your email server or a DKIM tool.
Publish the Public Key: Add a TXT record to your DNS with the public key.
Example DKIM DNS record:
Name: default._domainkey.yourdomain.com
Type: TXT
Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCo.... (public key)
3. DMARC Setup
- v=DMARC1 specifies the DMARC version.
- p=quarantine specifies the policy (none, quarantine, reject).
- rua is the email address for aggregate reports.
- ruf is the email address for forensic reports.
- pct=100 applies the policy to 100% of emails.
Add the DMARC Record to DNS: Add the TXT record to your domain's DNS settings.
Verification
- SPF Verification: Use tools like MXToolbox or your DNS provider’s tools to verify your SPF record.
- DKIM Verification: Send an email to a DKIM verification service or use your email server’s testing tools.
- DMARC Verification: Use DMARC report tools or services to ensure your policy is working correctly and to monitor for issues.
DMARC Record:
Name: _dmarc.yourdomain.com
Type: TXT
Value: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-reports@yourdomain.com; pct=100
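Part of the verification step can be done offline before the records are published. The following Python is an added example, not part of the original guide: it lints SPF and DMARC TXT values such as the ones shown above for weak or invalid settings. The function names and finding messages are assumptions made for this example.

```python
# Added example: offline lint for SPF and DMARC TXT values (all names are assumptions).
# Each lint_* function returns a list of findings; an empty list means none.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208, 4.6.4
ALL_FINDINGS = {"+": "+all authorizes every sender",
                "?": "?all is neutral: unlisted senders are not rejected",
                "~": "~all is a soft fail: unlisted senders are flagged, not rejected"}
GUIDE_SPF = "v=spf1 ip4:192.0.2.0/24 include:example.com -all"  # record from this guide
WEAK_DMARC = "v=DMARC1; p=none; pct=50"  # constructed weak record

def lint_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings, names, all_qualifier = [], [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # omitted qualifier means +
        name = term.lstrip("+-~?").replace("=", ":").split(":")[0].split("/")[0].lower()
        names.append(name)
        if name == "all":
            all_qualifier = qualifier
    if all_qualifier in ALL_FINDINGS:
        findings.append(ALL_FINDINGS[all_qualifier])
    elif all_qualifier is None and "redirect" not in names:
        findings.append("no all mechanism: unlisted senders get a neutral result")
    lookups = sum(name in SPF_LOOKUP_TERMS for name in names)  # this record only
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return findings

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT value into a dict, keeping tag order."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {tag.strip().lower(): value.strip() for tag, value in pairs}

def lint_dmarc(record):
    tags = parse_tags(record)
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["not a DMARC record: v=DMARC1 must be the first tag"]
    findings, policy = [], tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("p= is missing or invalid")
    elif policy == "none":
        findings.append("p=none is monitoring only: no action is requested on failing mail")
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct.isdigit() or int(pct) != 100:
        findings.append(f"pct={pct} is not 100: the policy may not cover all failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports will be received")
    return findings
```

The lookup count covers only the terms in the record itself; lookups inside included records also count toward the limit of 10 and need live DNS to total.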