Setting up DNS Records (Email) - SPF/DKIM/DMARC
When sending an email, a recipient's ISP will use a variety of methods to determine if you are permitted and sending legitimate emails. The three main methods used to verify a sender's identity are called SPF, DKIM and DMARC. These need to be set up from your sender domain in Outlook/Gmail.
SPF (Sender Policy Framework)
An SPF record is in place to identify whether or not a mail server is authorised to send from a given domain. This is to ensure spammers aren't sending emails from fraudulent 'From' addresses.
Most DNS editors require you to input these as 'TXT' records. Although each editor is different, you may need to contact your hosting provider for information on how to enter this correctly.
DKIM (DomainKeys Identified Mail)
This allows receiving servers to confirm that emails coming from a domain are authorised from the sender's domain administrators. Acting essentially as a signature that any sender applies to their outgoing email messages - i.e. CANDDi signs our emails with the "canddi.com" domain to confirm it was actually sent by us.
Again, these need to be entered in as 'TXT' records within your DNS editor.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
This is an authentication protocol that is built on top of SPF and DKIM protocols, these two have to be set up before a DMARC policy can be implemented.
Essentially, DMARC allows a sender to indicate that their emails are signed by SPF and DKIM whilst also talking to the receiver's spam protocols to report which emails pass or fail DMARC evaluation.
In order to set these protocols up, you will have to refer to your DNS configuration within whichever email platform and domain you use. You will also find the recommended 'TXT' records you'll need to input there.
Have more questions? Contact us at hello@canddi.com or 0161 414 1080
SPF (Sender Policy Framework)
An SPF record is in place to identify whether or not a mail server is authorised to send from a given domain. This is to ensure spammers aren't sending emails from fraudulent 'From' addresses.
Most DNS editors require you to input these as 'TXT' records. Although each editor is different, you may need to contact your hosting provider for information on how to enter this correctly.
DKIM (DomainKeys Identified Mail)
This allows receiving servers to confirm that emails coming from a domain are authorised from the sender's domain administrators. Acting essentially as a signature that any sender applies to their outgoing email messages - i.e. CANDDi signs our emails with the "canddi.com" domain to confirm it was actually sent by us.
Again, these need to be entered in as 'TXT' records within your DNS editor.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
This is an authentication protocol that is built on top of SPF and DKIM protocols, these two have to be set up before a DMARC policy can be implemented.
Essentially, DMARC allows a sender to indicate that their emails are signed by SPF and DKIM whilst also talking to the receiver's spam protocols to report which emails pass or fail DMARC evaluation.
In order to set these protocols up, you will have to refer to your DNS configuration within whichever email platform and domain you use. You will also find the recommended 'TXT' records you'll need to input there.
Have more questions? Contact us at hello@canddi.com or 0161 414 1080
Updated on: 05/02/2020
Thank you!