Email DKIM and SPF help
By Alex Mcauley on
SPF Record
Your SPF record should include at least include:_spf.nodex.co.uk. Below is what the nodex.co.uk SPF record looks like. This allows us to send verified email from our mail providers for improved delivery.
v=spf1 mx include:spf.protection.outlook.com include:_spf.nodex.co.uk ~all
_spf.nodex.co.uk is simply an include for any providers we route email through on your behalf.
Be careful to avoid having more than one DNS TXT entry for your SPF record, as some providers take a different version of your record from the list and it may be the wrong one.
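A check for the two points in this section, the required include and a single SPF TXT entry, written as an added example that is not Nodex's own code. It assumes the domain's TXT strings have already been fetched and unquoted; the function name, finding codes and every sample record other than the SPF line shown above are constructed for illustration.

```python
import re

REQUIRED_INCLUDE = "include:_spf.nodex.co.uk"   # value taken from this page
ALL_TERM = re.compile(r"^([+\-~?]?)all$")       # "all" with an optional qualifier

def audit_spf(txt_records, required=REQUIRED_INCLUDE):
    """Audit all TXT strings published at one domain name; return finding codes."""
    # An SPF record is a TXT string whose first term is exactly "v=spf1".
    spf = [r.lower().split() for r in txt_records
           if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no-spf-record"]
    findings = []
    if len(spf) > 1:
        # RFC 7208 section 4.5: more than one SPF record is a permerror,
        # so a receiver may not evaluate any of them.
        findings.append("multiple-spf-records")
    for terms in spf:
        if required not in terms:
            findings.append("missing-required-include")
        alls = [t for t in terms if ALL_TERM.match(t)]
        if not alls:
            # Without "all" or a redirect, unmatched senders get a neutral result.
            if not any(t.startswith("redirect=") for t in terms):
                findings.append("no-all-mechanism")
            continue
        # A bare "all" has the default "+" qualifier and passes every sender.
        if (ALL_TERM.match(alls[0]).group(1) or "+") == "+":
            findings.append("all-authorises-any-sender")
    return findings

# Constructed sample data: TXT strings as a resolver would return them.
GOOD = ["v=spf1 mx include:spf.protection.outlook.com include:_spf.nodex.co.uk ~all",
        "site-verification=constructed-token"]
DUPLICATE = GOOD + ["v=spf1 include:spf.protection.outlook.com ~all"]

if __name__ == "__main__":
    for name, zone in (("good", GOOD), ("duplicate", DUPLICATE)):
        print(name, audit_spf(zone) or "ok")
```
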
DKIM Settings
DKIM, or DomainKeys Identified Mail, allows senders to associate their domain name with an email message they are sending, which vouches for its authenticity. A sender creates the DKIM signature by transparently signing the email with a digital signature, which is attached to the header of the email. The sending email server or MTA generates the signature by way of a hash calculated over the content of the signed fields; the result is unique to each email, which mitigates replay attacks.
The public key for the signature is stored as a TXT record in the domain's DNS configuration. This allows the receiving mail server (such as Gmail / Hotmail) to look up the public key, download it and use it to decrypt the DKIM signature and verify that (a) the message is from who it says it's from and (b) the message has not been tampered with in transit.
All in all, DKIM is a very good way to guarantee email authenticity from your sending mail servers or Mail Transport Agents (MTA). It is a good signal to the receiving party that your email is genuine and is not spam, which in turn normally gives better delivery rates, as opposed to emails ending up in spam or trash or, at worst, not getting delivered at all.
If you would like to discuss adding DKIM authentication to your recruitment website / recruitment CRM, please get in contact to discuss the required steps and procedures needed to carry it out.
DMARC Settings
Domain-based Message Authentication Reporting and Conformance (DMARC) is a free and open technical specification that is used to authenticate an email by aligning SPF and DKIM mechanisms. By having DMARC in place, domain owners large and small can fight business email compromise, phishing and spoofing. Co-authored by dmarcian’s founder, DMARC was first published in 2012.
With DMARC you can tell the world how to handle the unauthorized use of your email domains by instituting a policy in your DMARC record.
The three policies are:
p=none
p=quarantine
p=reject
An example DMARC configuration, which is a simple TXT DNS entry, looks like the following:
v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1
With this configuration, any potential email spoofing attacks will be rejected automatically by the receiving mail server, protecting your domain against phishing attacks.