How to verify and update your SPF, DKIM and DMARC records

SPF, DKIM and DMARC represent a valid help to prevent your domain from being used for Email Spoofing attacks, i.e. sending messages with a fake sender. They are also useful for improving domain reputation and email deliverability rates.

The attacks that exploit the Email Spoofing technique are constantly increasing, so it is important to protect your domains with the publication of SPF Records, DKIM signature and DMARC Policy. It is equally important to set them correctly and keep them up to date.

What is SPF

SPF is a DNS Record that “declares” which IP addresses are authorized to send emails in the name of your domain. It also tells recipients what to do if they receive messages from IPs other than those authorized. Publishing an SPF Record for your domain and keeping it updated with each change of provider is essential to ensure that your emails are delivered regularly to recipients.

What is DKIM

DKIM is a protocol used to digitally sign outgoing messages from SMTP servers. It serves to certify that that message was actually sent by a specific provider. DKIM by itself does not guarantee a better email delivery rate, as Spam senders can also sign their messages with DKIM, but it creates a reputation for the provider your email messages originate from. A provider, with its own DKIM signature, which sends quality emails (so please users), will have an excellent reputation and its DKIM signature will guarantee that it can recognize these messages.

What is DMARC

DMARC is an Email Message Validation Protocol. It becomes very useful in particular when a message does not respect the SPF and DKIM specifications declared by the domain owner, establishing what the recipient providers should do.

The DMARC policy is published as a TXT record in your domain’s DNS.

DMARC also allows you to receive daily records, in XML format, with the summary of email messages that do not comply with the policies you have defined. DMARC does not serve to improve the reputation of messages or to prevent them from ending up in spam, on the contrary if configured incorrectly it can lead to serious problems with the delivery of your emails. It is designed for companies that send large volumes of emails and are often victims of scams, for example example banks, e-commerce, couriers and so on.

How to set up SPF, DKIM and DMARC records for Qboxmail

Qboxmail provides you with the correct DNS settings to add to your domains.

SPF:

v=spf1 include:spf.qboxmail.com mx a -all

If you have already published a DNS record, check that it ends with “-all”. Here you will find all the details to correctly set the SPF record for your domain: SPF Record settings.

DKIM:

If you use the Qboxmail SMTP service you don’t have to do anything, the emails sent are already signed with DKIM. If necessary, you can set up a custom DKIM signature for your domain. You can find more information here.

DMARC:

v=DMARC1; p=quarantine; rua=mailto:rua@dmarc.qboxmail.com; ruf=mailto:ruf@dmarc.qboxmail.com

Here you will find all the details to correctly set up a DMARC policy for your domain: DMARC Policy settings.

Toolbox Tool: Check if DNS settings are correct

Qboxmail provides you with a special tool to check if the DNS settings of your domain are correctly configured, you can check the MX, SPF and DMARC records and immediately know if there are any problems.

You can find Toolbox directly here.

About Qboxmail

Qboxmail is a cloud business email management service that provides a suite of complete tools to manage emails anywhere. It includes an advanced Email Security system.

For more information contact us, we will be happy to explain our services in detail.

If you want to take advantage of the free trial of all our services
for 30 days sign up here

On our blog you will find an article to learn more about Email Spoofing and how to protect your emails.