Setting up SPF and DKIM for Email Authentication

Learn what SPF and DKIM are, why they are important, and how to set them up for your email servers

Have you ever received an email that looked suspicious or ended up in your spam folder? It's likely that the sender didn't have proper email authentication in place, such as SPF and DKIM.

In this article, we will explain what SPF and DKIM are, why they are important, and how you can set them up for your email servers.

What is SPF?

SPF stands for Sender Policy Framework. It is a type of email authentication that allows you to specify which mail servers are authorized to send emails on behalf of your domain. When incoming mail servers receive emails from your domain, they check the SPF record to make sure the outgoing mail server information matches. If there is a discrepancy, the email may be marked as unauthorized or spam.

What is DKIM?

DKIM stands for DomainKeys Identified Mail. It is another type of email authentication that uses a digital signature to authenticate emails. This signature is added to the email header and verified by the receiving mail server. This helps ensure that the email was sent from an authorized mail server.

Why are SPF and DKIM important?

SPF and DKIM are essential components of email authentication that protect both senders and recipients from spam, spoofing, and phishing attacks. Having proper authentication in place can improve your email deliverability and reduce the chances of your emails ending up in spam folders.

Setting up SPF

SPF is an email authentication protocol that helps prevent email spoofing by verifying that the sender's email address is legitimate. 

You can find help on how to setup SPF for a few domain hosts:

Google
Microsoft
Amazon SES
GoDaddy

**Here's how to set up SPF:**

Log in to your domain hosting account and access the DNS management console.
Create a new TXT record and enter "v=spf1" as the beginning of the record.



Add the IP addresses of your authorized email servers. For example, if you use Google Workspace, the record should include:_spf.google.com.
Add the -all mechanism to your SPF record to specify that any email messages sent from servers not specified in the record should be rejected.
Save the changes to the DNS record.

By setting up SPF, you can prevent email spoofing and improve email deliverability.

Setting up DKIM

DKIM is an email authentication protocol that uses public-key cryptography to verify that an email message was sent from an authorized mail server. 

You can find help on how to set up DKIM for Google and Microsoft.

Here's how to set up DKIM:

Log in to your email provider's admin console and generate a public and private key pair.
Add the public key to your domain's DNS records as a TXT record. The record should have a selector name and a long string of characters that represents the public key.



Enable DKIM signing in your email server configuration by adding the private key to your email server.
Test DKIM authentication by sending an email to an email address that supports DKIM verification, such as Gmail.

By setting up DKIM, you can improve email deliverability and prevent email spoofing.

Updated on: 25/06/2024