What is SPF?

SPF : Sender Policy Framework 

Adding an SPF record can help prevent others from spoofing your domain. You can specify which mail servers are permitted to send email on behalf of your domain. Then, when incoming mail servers receive email messages from your domain name, they compare the SPF record to the outgoing mail server information. If the information doesn’t match, they identify the email message as unauthorized, and will generally filter it as spam or reject it.

What is DKIM?

DomainKeys Identified Mail
allows the senders to authenticate their emails by including a digital signature in the email header.  DKIM uses public key cryptography to verify that an email message was sent from an authorized mail server.

Why do I need to set-up SPF and DKIM and why are they important?

SPF and DKIM are fundamental components of email authentication and help protect email senders and recipients from spam, spoofing, and phishing.
This helps you in increasing your email deliverability and reduce the chances of your emails ending up in SPAM.

How do I set-up SPF and DKIM?

To set up SPF and DKIM for your mail servers you should add a "TXT" type records to your DNS records.

Setting up SPF:

The record starts with v=spf1 so that it is identified as a SPF record and the record looks something like this:

v=spf1 include:spf.yourdomain.com ?all

You can also add multiple mail servers in the record before "?all"

Mails sent from servers that are not included in the SPF record gets tagged as soft fail and maybe flagged as spam or suspicious, which is why having SPF set is a good practice to end up your mails in the receiver's inbox.

You can find help on how to setup SPF for few domain hosts:

  1. Google

  2. Microsoft

  3. Amazon SES

  4. GoDaddy

Setting up DKIM:

To set DKIM on your server you will have to first generate a public key that is to be added in the record and record has to be added in your DNS records.

To do that, you will have to access your email’s provider admin console and the steps may differ depending on your email provider.

Once the public key is generated you will have to add a record which has the key that is generated.

The record looks like this:

v=DKIM1; p=Em5ncxlH4vgjRyU4mT45Aup4MIu4MwIbOJNRs18DedghiUMiS4GvXdFHzzarPXat;

Where the string is the key that is generated.

After the record is added, you will have to turn on email signing to start sending emails including your signature encrypted with your private key.

You can find help on how to setup DKIM for Google and Microsoft.

Did this answer your question?