Understanding SPF, DKIM and how to Set them up.

Understanding SPF, DKIM, and how to Set them up. what are SPF and DKIM? How are they important and how to set them up?

What is SPF?

SPF: Sender Policy Framework 

Adding an SPF record can help prevent others from spoofing your domain. You can specify which mail servers are permitted to send an email on behalf of your domain. Then, when incoming mail servers receive email messages from your domain name, they compare the SPF record to the outgoing mail server information. If the information doesn’t match, they identify the email message as unauthorized, and will generally filter it as spam or reject it.


What is DKIM?

DomainKeys Identified Mail
allows the senders to authenticate their emails by including a digital signature in the email header.  DKIM uses public-key cryptography to verify that an email message was sent from an authorized mail server.

Why do I need to set up SPF and DKIM and why are they important?

SPF and DKIM are fundamental components of email authentication and help protect email senders and recipients from spam, spoofing, and phishing.
This helps you in increasing your email deliverability and reduces the chances of your emails ending up in SPAM.

How do I set up SPF and DKIM?

To set up SPF and DKIM for your mail servers you should add a "TXT" type records to your DNS records.

Setting up SPF:

The record starts with v=spf1 so that it is identified as an SPF record and the record looks something like this: 

Screenshot 2021-12-29 at 2.40.54 PM

Mails sent from servers that are not included in the SPF record get tagged as soft fail and may be flagged as spam or suspicious, which is why having SPF set is a good practice to end up your mails in the receiver's inbox.

You can find help on how to setup SPF for a few domain hosts:

  1. Google

  2. Microsoft

  3. Amazon SES

  4. GoDaddy

Setting up DKIM:

To set DKIM on your server you will have to first generate a public key that is to be added to the record and the record has to be added in your DNS records.

To do that, you will have to access your email’s provider admin console and the steps may differ depending on your email provider.

Once the public key is generated you will have to add a record that has the key that is generated.

The record looks like this:

Screenshot 2021-12-29 at 2.40.59 PM

Where the string is the key that is generated.

After the record is added, you will have to turn on email signing to start sending emails including your signature encrypted with your private key.

You can find help on how to set up DKIM for Google and Microsoft.