|Subject:||How to use SPF, DKIM and DMARC for your domain|
|Creation date:||8/10/17 1:29 PM|
|Last modified on:||8/10/18 3:03 PM|
|SPF prevents forgery by designating a handful of IP addresses where emails can originate for your domain. SPF check will fail
if a spammer sends a forged message from their own IP, allowing Xeams and other servers to treat that as spam.
It is very easy to forge a sender's email address but is very difficult to forge an IP address. This makes SPF very effective in combating email forgeries.
|DKIM ensures the message was actually composed by someone belonging to the domain they claim to be part of. Additionally, it ensures the message is not modified in transit.
Technically, the message is digitally signed by the email server before leaving and this signature is verified by the receiving end, allowing the receiving end to
verify the authenticity of the message.
Xeams can assign a score to any incoming message where DKIM signature does not match.
|DMARC builds on top of SPF and DKIM. This not only helps prevent forgery but also provides a sophisticated reporting mechanism allowing the senders to fine tune their SPF and DKIM rules.
Xeams adds a score if DMARC alignment fails. Additionally, it can also process incoming reports and send outbound reports to other email servers on the Internet.
v=spf1 mx ~all
v=spf1 mx ip4:188.8.131.52/32 ~all
v=spf1 mx ip4:184.108.40.206/32 include:friendlyhr.com ~allNotice the ending
~allat the end of each record. This means a SOFTFAIL. An alternative approach is to use a
-all, which indicates a FAIL. Receiving server will most likely reject any incoming message that fails an SPF test and see a
-allin the SPF record. Further analysis will be performed when a
~allis used before considering it a forged message.
"v=DMARC1; p=none; rua=mailto:email@example.com"This ensures the receiving servers will not consider your email junk even if DMARC does not align.
quarantine. The DNS record will then look like:
"v=DMARC1; p=quarantine; rua=mailto:firstname.lastname@example.org"The email address specified above
(email@example.com)is a special address handled automatically by Xeams to accept incoming reports from other servers.
Do you have a helpful tip related to this document that you'd like to share with other users?