
Setting Up SPF, DKIM and DMARC

By Jill Dimel

You can improve your email delivery with simple records in your domain name settings (DNS): SPF, DKIM and DMARC. These methods help receiving servers verify that your emails have not been forged, which increases your subscribers' confidence that your emails are not spam.

Sender Policy Framework (SPF) authorizes which servers are allowed to send emails for your domain. It is a simple email validation system designed to help recipients determine whether an email is legitimate or spam by making sure the sending server has permission to send emails for your domain.

DomainKeys Identified Mail (DKIM) adds a digital signature to your email so that its content can be verified. The DKIM check determines whether the message was signed and associated with the correct domain, and that the content has not been modified.

SPF, DKIM and DMARC are added as TXT records in your DNS settings. DNS settings are typically updated through your domain registrar. If you are not familiar with DNS, you can provide this information to your website admin or network admin to make the updates for you.

DNS - DKIM

DomainKeys Identified Mail (DKIM) identifies a message in transit as being authorized by the sending domain. It is not required, but it increases deliverability to some of the larger ISPs (including AOL, Google, and Yahoo).

kesq._domainkey

If you opt to use DKIM, add the following TXT entry to the "kesq._domainkey" record within your domain, removing any quotes and line-breaks.

  • Host: kesq._domainkey

  • Type: TXT

  • Text:*

*For the full Text, log in to your GreenRope account and access the Knowledge Base Topic "DKIM"

If your DNS manager doesn't allow semicolons (";"), try prefixing them with a backslash ("\;"). The whole value must be placed in one entry (on one line), with no spaces anywhere between 'p=' and the end of the long crypto string.

GoDaddy, Google Domains, and Cloudflare will do the right thing with the DKIM TXT entry. Unfortunately, Network Solutions does not allow keys longer than 255 characters, so you will need to continue using the old 'kesp' DKIM until they upgrade their system to support long DNS entries. For the old 'kesp' key, see below.

kesp._domainkey

GoDaddy, Google Domains, and Cloudflare will do the right thing with a very long DKIM TXT entry. Unfortunately, Network Solutions does not allow keys longer than 255 characters, so you will need to use the old 'kesp' DKIM until they upgrade their system to support long DNS entries.

  • Host: kesp._domainkey

  • Type: TXT

  • Text:*

*For the full Text, log in to your GreenRope account and access the Knowledge Base Topic "DKIM"

DNS - SPF

Sender Policy Framework is a system used to detect and deter email spoofing by validating that the email came from an identified sender. We recommend that all companies that send email use SPF, as you will get better deliverability with it, but it's not a requirement.

  • Host: @

  • Type: TXT

  • *Text: v=spf1 include:_spf.stgi.net ~all

If you already have an SPF record, you can just add "include:_spf.stgi.net" in there, anywhere before the "~all" or "-all" at the end.

*SPF records should include all mail servers that you use to send emails. This includes the servers of your primary email provider (Microsoft, GoDaddy, Network Solutions, etc.) and of any third-party provider, like GreenRope. If you are not sure how to include your mail servers, please contact your email provider for additional information.
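The merge described above, as an added example (not GreenRope's own code): a Python sketch that places the include before the existing "all" term and flags a few common record problems. The host spf.mailhost.example and the sample record are constructed; the limit of 10 DNS lookups comes from RFC 7208.

```python
import re

# Terms that cost one DNS lookup each during SPF evaluation (RFC 7208, 4.6.4).
LOOKUP = re.compile(
    r"^[+\-~?]?(include:|a$|a[:/]|mx$|mx[:/]|ptr$|ptr:|exists:)|^redirect=", re.I)
ALL = re.compile(r"^[+\-~?]?all$", re.I)


def add_include(record, domain="_spf.stgi.net"):
    """Return record with include:<domain> placed before the 'all' term.

    Existing terms and the existing ~all / -all qualifier are kept as they are.
    An empty record yields the standalone value given on this page.
    """
    terms = record.split()
    if not terms:
        return f"v=spf1 include:{domain} ~all"
    if terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: it must start with v=spf1")
    wanted = f"include:{domain}"
    if any(t.lower().lstrip("+") == wanted.lower() for t in terms):
        return " ".join(terms)  # already present, do not add it twice
    # Terms after 'all' are never evaluated, so insert in front of it.
    pos = next((i for i, t in enumerate(terms) if ALL.match(t)), len(terms))
    terms.insert(pos, wanted)
    return " ".join(terms)


def lint(record):
    """Return a list of problems in the record (empty list if none found)."""
    terms = record.split()
    problems = []
    # Counts top-level terms only; each include adds its own nested lookups.
    lookups = sum(1 for t in terms if LOOKUP.match(t))
    if lookups > 10:
        problems.append(f"{lookups} lookup terms, receivers stop at 10")
    if any(t.lower() in ("all", "+all") for t in terms):
        problems.append("+all authorizes any server to send as this domain")
    return problems


if __name__ == "__main__":
    existing = "v=spf1 mx include:spf.mailhost.example -all"  # constructed sample
    merged = add_include(existing)
    print(merged)
    print(lint(merged) or "no problems found")
```

Publish the result as the single SPF TXT record for the domain; a second, separate SPF record makes receivers return an error instead of a pass.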

DNS - DMARC

Domain-based Message Authentication, Reporting & Conformance (or DMARC) is a framework allowing the major ISPs to work with email providers to reduce spoofing and phishing. It is also optional, but highly recommended. You will need to add the following to the DNS for your domain.

  • Host: _dmarc

  • Type: TXT

  • Text:*

*For the full Text, log in to your GreenRope account and access the Knowledge Base Topic "DKIM"

If your DNS manager does not allow semicolons (";"), try putting a backslash in front of them ("\;").

If you set up a DMARC record, it is important that you also set up a custom MTA in your GreenRope Account. We recommend using a unique sub-domain of your sending domain.

To configure your custom MTA

  • Go to the Communicate > Email tab

  • Click MTA (to the right of the from address field).

  • Type your custom domain into the text field.

  • Click add.

  • After the MTA refreshes, click the “setup” button below the MTA name.

  • Follow the instructions for setting up a CNAME record in your DNS manager to complete the setup of the custom MTA.

There will be a green checkmark beside the MTA name when the setup is verified.
