Email DKIM and SPF help
Your SPF record should include at least include:smtp-engine.com. Below is what the nodex.co.uk SPF record looks like. This allows us to send verified email from our mail provider, mailgun.org (for newsletters) and smtp-engine (our email smarthost for improved delivery). Unless we have discussed setting up mailgun for your email, you will at minimum need the smtp-engine include line in your SPF DNS TXT record.
v=spf1 mx include:spf.protection.outlook.com include:_spf.nodex.co.uk ~all
_spf.nodex.co.uk is simply an include for any providers we route email through on your behalf.
Be careful to avoid having more than one DNS TXT entry for your SPF record: some providers pick just one of the records from the list, and it may be the wrong one.
DKIM, or DomainKeys Identified Mail, allows senders to associate their domain name with an email message they are sending, which vouches for its authenticity. A sender creates the DKIM signature by transparently signing the email with a digital signature, and this signature is attached to the header of the email. The sending email server or MTA generates the signature by way of a hash, created via an algorithm, which is calculated from the content of the signed fields; this is unique to each email, which mitigates replay attacks.
The public key used to generate the signature is stored as a TXT record in the domain's DNS configuration. This allows the receiving mail server (such as Gmail / Hotmail) to look up the public key, download it and use it to decrypt the DKIM signature and verify that (a) the message is from who it says it's from and (b) the message has not been tampered with in transit.
All in all, DKIM is a very good way to guarantee email authenticity from your sending mail servers or Mail Transport Agents (MTA), and it is a good signal to the receiving party that your email is genuine and is not spam. This in turn normally gives better delivery rates, as opposed to emails ending up in spam or trash or, at worst, not getting delivered at all.
If you would like to discuss adding DKIM authentication to your recruitment website / recruitment CRM, please get in contact to discuss the required steps and procedures needed to carry it out.
Domain-based Message Authentication Reporting and Conformance (DMARC) is a free and open technical specification that is used to authenticate an email by aligning SPF and DKIM mechanisms. By having DMARC in place, domain owners large and small can fight business email compromise, phishing and spoofing. Co-authored by dmarcian’s founder, DMARC was first published in 2012.
With DMARC you can tell the world how to handle the unauthorized use of your email domains by instituting a policy in your DMARC record.
The three policies are:
An example DMARC configuration, which is a simple TXT DNS entry, looks like the following:
v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1
With this configuration, any potential email spoofing attacks will be rejected automatically by the receiving mail server, which protects your domain against phishing attacks.
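
The SPF and DMARC checks described above, as an added example that is not code from the original page: it flags duplicate SPF TXT records, a missing smtp-engine include, and a weak or incomplete DMARC record. The example.com records and the report address are constructed samples, and includes nested inside other includes (such as _spf.nodex.co.uk) are not resolved.

```python
REQUIRED_INCLUDE = "include:smtp-engine.com"        # include line named on this page
DMARC_POLICIES = {"none", "quarantine", "reject"}   # p= values defined in RFC 7489

def audit_spf(txt_records, required=REQUIRED_INCLUDE):
    """Return a list of problems in one domain's SPF setup (nested includes not resolved)."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:  # the receiver cannot know which record is the intended one
        return [f"{len(spf)} SPF records published; merge them into one"]
    terms = spf[0].lower().split()[1:]
    problems = []
    if required not in terms:
        problems.append(f"missing {required}")
    if not terms or terms[-1].lstrip("+-~?") != "all":
        problems.append("record does not end with an 'all' mechanism")
    elif terms[-1] in ("all", "+all"):
        problems.append("'+all' authorises every sender")
    return problems

def audit_dmarc(record):
    """Parse a DMARC TXT value into tags; return (tags, problems)."""
    tags = {}
    for part in record.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    problems = []
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        problems.append("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in DMARC_POLICIES:
        problems.append("missing or unknown p= policy")
    elif policy == "none":
        problems.append("p=none only monitors; spoofed mail is still delivered")
    if "rua" not in tags:
        problems.append("no rua= address, so no aggregate reports arrive")
    return tags, problems

# Constructed sample records for the placeholder domain example.com.
BROKEN_TXT = ["v=spf1 mx include:spf.protection.outlook.com ~all",
              "v=spf1 include:smtp-engine.com ~all",
              "google-site-verification=constructed-value"]
FIXED_TXT = ["v=spf1 mx include:spf.protection.outlook.com include:smtp-engine.com ~all"]
SAMPLE_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; fo=1"

if __name__ == "__main__":
    for result in (audit_spf(BROKEN_TXT), audit_spf(FIXED_TXT), audit_dmarc(SAMPLE_DMARC)):
        print(result)
```

To check a record that routes through a wrapper include, pass that include as `required`, for example `required="include:_spf.nodex.co.uk"`.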